PCI-DSS-EDI
The card-data standard — applicable as soon as an EDI flow contains a PAN.
Definition
PCI DSS 4.0 (March 2022, fully effective April 2024) covers 12 requirements: firewalls, default passwords, stored cardholder data, transmission encryption, malware protection, secure systems, restrict access by need-to-know, authentication, physical access, logging/monitoring, security testing, info security policy. Relevant in EDI when a PAYMUL or remittance contains a PAN.
Origin
Standard created by PCI Security Standards Council (Visa, Mastercard, Amex, Discover, JCB) in 2004.
Example in context
An EDI chain hashing all PANs in SHA-256 before storage to stay out-of-PCI-DSS-scope.
Related terms
- ISO 27001 — parent ISMS framework.