A developer’s guide to complying with PCI DSS 3.2 Requirement 6

The Payment Card Industry Data Security Standard (PCI DSS) is a highly
prescriptive technical standard aimed at protecting debit and credit card
details, which the payments industry refers to as cardholder data. The
objective of the standard is to prevent payment card fraud by securing
cardholder data within organizations that either accept card payments or are
otherwise involved in handling cardholder data. PCI DSS consists of 12 sections
of requirements, and responsibility for compliance usually rests with IT
infrastructure support. Requirement 6 alone breaks down into 28 individual
requirements, and it sits squarely with the software developers who build
applications that process, store, and transmit cardholder data. This article
focuses on all aspects of Requirement 6. PCI compliance revolves heavily around
IT services, and the IT-focused compliance managers tasked with achieving
compliance within organizations often lack the software development knowledge
and experience needed to assure that application development meets the arduous
requirements of PCI DSS. Follow along for a developer's perspective on
complying with PCI DSS requirements.

