PCI DSS | Nexi Documentation

PCI DSS stands for Payment Card Industry Data Security Standard and contains a set of rules for secure processing credit card transactions. In principle, all those involved in a credit card payment (e.g. merchants and PSPs) are subject to these rules as soon as they process, transfer or save credit card data.

Overview
PCI DSS stands for Payment Card Industry Data Security Standard and contains a set of rules for secure processing credit card transactions. In principle, all those involved in a credit card payment (e.g. merchants and PSPs) are subject to these rules as soon as they process, transfer or save credit card data. There are 12 basic requirements defined by PCI DSS Standard: Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters Protect stored cardholder data Encrypt transmission of cardholder data across open, public networks Use and regularly update anti-virus software or programs Develop and maintain secure systems and applications Restrict access to cardholder data by business need-to-know Assign a unique ID to each person with computer access Restrict physical access to cardholder data Track and monitor all access to network resources and cardholder data Regularly test security systems and processes Maintain a policy that addresses information security for employees and contractors The complete PCI DSS ruleset is pubslihed here: https://www.pcisecuritystandards.org/document_library The compliance with these rules is checked as part of a PCI DSS certification. Your acquirer is responsible for verifying your PCI DSS certification. Evidence is provided either by means of questionnaires which you must fill out. These questionnaires are referred to as SBF (Selbstbeurteilungsfragebogen) or SAQ (self-assessment questionnaire). The questionnaires are divided into different classes depending on how you process credit card data (SAQ A, SAQ A-EP, ... up to SAQ D). Instead of the questionnaire, a personal PCI DSS audit may also be required. This decision is made by the acquirer or the PCI DSS auditor (QSA). However, NEXI are annually audited and certified according to PCI DSS Level 1 - the most strict PCI DSS level. Ease your PCI DSS certification NEXI supports you in adhering to these rules by relieving you of the direct processing of credit card data, if you use the Hosted Payment Page or the Credit Card Form (paySSL). In the simplest form, then a proof according to SAQ A is possible. The PcNr (pseudo card number) is not subject to the PCI DSS rules, because it is not a credit card, but only a token that references a credit card.

Overview

There are 12 basic requirements defined by PCI DSS Standard:

Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
Use and regularly update anti-virus software or programs
Develop and maintain secure systems and applications
Restrict access to cardholder data by business need-to-know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Maintain a policy that addresses information security for employees and contractors

The complete PCI DSS ruleset is pubslihed here: https://www.pcisecuritystandards.org/document_library

The compliance with these rules is checked as part of a PCI DSS certification. Your acquirer is responsible for verifying your PCI DSS certification.

Evidence is provided

either by means of questionnaires which you must fill out. These questionnaires are referred to as SBF (Selbstbeurteilungsfragebogen) or SAQ (self-assessment questionnaire). The questionnaires are divided into different classes depending on how you process credit card data (SAQ A, SAQ A-EP, ... up to SAQ D).
Instead of the questionnaire, a personal PCI DSS audit may also be required. This decision is made by the acquirer or the PCI DSS auditor (QSA).

However, NEXI are annually audited and certified according to PCI DSS Level 1 - the most strict PCI DSS level.

Ease your PCI DSS certification

info NEXI supports you in adhering to these rules by relieving you of the direct processing of credit card data, if you use the Hosted Payment Page or the Credit Card Form (paySSL). In the simplest form, then a proof according to SAQ A is possible.

The PcNr (pseudo card number) is not subject to the PCI DSS rules, because it is not a credit card, but only a token that references a credit card.