PCI Compliance and over one million other books are available for Amazon Kindle. Learn more
Buy Used
Condition: Used: Very Good
Comment: Used; Book is in very good condition with minor wear to cover, tight binding.
Access codes and supplements are not guaranteed with used items.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance Paperback – December 15, 2009

ISBN-13: 978-1597494991 ISBN-10: 1597494992 Edition: 2nd

Price: $20.69
19 New from $31.00 21 Used from $4.35
Amazon Price New from Used from
"Please retry"
Paperback, December 15, 2009
$31.00 $4.35

Hero Quick Promo
Save up to 90% on Textbooks
Rent textbooks, buy textbooks, or get up to 80% back when you sell us your books. Shop Now

Shop the New Digital Design Bookstore
Check out the Digital Design Bookstore, a new hub for photographers, art directors, illustrators, web developers, and other creative individuals to find highly rated and highly relevant career resources. Shop books on web development and graphic design, or check out blog posts by authors and thought-leaders in the design industry. Shop now

Product Details

  • Paperback: 368 pages
  • Publisher: Syngress; 2 edition (December 15, 2009)
  • Language: English
  • ISBN-10: 1597494992
  • ISBN-13: 978-1597494991
  • Product Dimensions: 9.2 x 7.4 x 1.1 inches
  • Shipping Weight: 1 pounds
  • Average Customer Review: 3.9 out of 5 stars  See all reviews (12 customer reviews)
  • Amazon Best Sellers Rank: #1,708,100 in Books (See Top 100 in Books)

Editorial Reviews


"Finally we have a  solid and comprehensive reference for PCI. This book explains in great detail not only how to apply PCI in a practical and cost-effective way, but more importantly why."--Joel Weise, Information Systems Security Association (ISSA) founder and chairman of the ISSA Journal Editorial Advisory Board

From the Back Cover

Identity theft and other confidential information theft have now topped the charts as the #1 cybercrime. In particular, credit card data is preferred by cybercriminals. Is your payment processing secure and compliant? Now in its second edition, PCI Compliance has been revised to follow the new PCI DSS standard 1.2.1. Also new to this edition: Each chapter has how-to guidance to walk you through implementing concepts, and real-world scenarios to help you relate to the information and better grasp how it impacts your data. This book provides the information that you need to understand the current PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information.

Customer Reviews

3.9 out of 5 stars
Share your thoughts with other customers

Most Helpful Customer Reviews

33 of 33 people found the following review helpful By Amazon Customer on August 22, 2007
Format: Paperback
When I first received this book from Syngress I was very excited. I knew nothing about PCI compliance -- other than it was big ticket item and everyone processing Visa transactions was affected in some way because of it. I can honestly say that I tore through this book and didn't put it down until I reached chapter 13. I was completely wrapped up in it as it was something I knew nothing about and wanted to know more!

Chapters 1 through 3 introduce you to the concepts behind PCI compliance including what it is and who needs to comply. These chapters really set the stage for what the rest of the book has to offer the reader.

Chapter 4 provides a technology overview of firewalls, intrusion systems, antivirus solutions, and common system default settings. Personally I felt that Chapter 4 was filler content just to add a chapter. It may, however, serve as a good reference for those in management roles who do not have "hands-on" interaction with the architecture of their environment.

Chapter 5 explains how to go about protecting your cardholder data as dictated by PCI requirements 3 & 4. This is a great chapter for anyone new to securing infrastructure to meet the requirements of a PCI audit. The authors also provide a fantastic section entitled "The Absolute Essentials" which offers suggestions on the minimum protection you can employ to protect your cardholder data.

Chapter 6 was by far my most favorite chapter and Syngress has offered it as a free download from their website. Many of you know what I do for a living and know how important understanding logging and requirements for logging is for my day-to-day duties. This chapter focuses around PCI Requirement 10 which details how you must handle the log data collected in your PCI environment.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
6 of 6 people found the following review helpful By M. Foster on August 2, 2010
Format: Paperback Verified Purchase
I read a lot of books in an attempt to grasp PCI compliance. This is my favorite PCI book and I refer to it frequently.

One of the things I noticed about other books is they, in my opinion, went into way too much detail on some of the basics, and tended to glaze over the more complicated parts.

What I enjoy so much about this book is that it covers basics in enough detail that even a beginner can understand, and it is also answers in detail the hard questions that other books left me confused.

With this book I gained at least twice as good an understanding of PCI than after reading all of those other books. If you want to understand PCI-DSS, this book is a great way to do so.
1 Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
8 of 9 people found the following review helpful By Ben Rothke on August 27, 2007
Format: Paperback
It has long been rumored that manufacturers of items such as razors and batteries specifically produce their products an inferior level in order to ensure repeat business. A similar paradox is occurring in the information security space where many are complaining that the PCI Data Security Standard (PCI DSS) is too complex and costly. What is most troubling is that such opinions are being written in periodicals and by people that should know better.

PCI came to life when Visa, MasterCard, American Express, Diner's Club, Discover, and JCB collaborated to create a new set of standards to deal with credit card fraud. PCI requires that all merchants and service providers that handle, transmit, store or process information concerning any of these cards, or related card data, be required to be compliant with the PCI DSS. If they are not compliant, they can face monetary penalties and/or have their card processing privileges terminated by the credit card issuers.

The primary purpose of PCI is to force organizations to embrace common security controls to protect credit card data and reduce fraud and theft. The following are the six primary control areas and 12 specific requirements of the PCI DSS:
Build and maintain a secure network
1. Install and maintain firewall configurations
2. Do not use vendor-supplied or default passwords

Protect cardholder data
3. Protect stored data
4. Encrypt transmissions of cardholder data across public networks

Maintain a vulnerability management program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to need-to-know
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
2 of 2 people found the following review helpful By Tracy R. Reed on April 23, 2011
Format: Paperback
I bought this book a year ago, shortly after it came out and I am just now getting around to reviewing it although I have been benefiting from its guidance for the past year as I go through another PCI implementation.

This is an excellent book. One of my best tech book buys in quite some time. It answered some questions I had been wondering about for a few years as I have gone through PCI implementations just using my sysadmin security experience and common sense plus the PCI DSS requirements themselves. It covers each of the 12 PCI DSS requirements (each of which has on average another 12 sub-requirements, don't let anyone tell you that "PCI is easy, just 12 things!") in order and gives examples and shows you how they apply.

This book does not cover PCI DSS 1.2 but the differences are quite small so don't let that worry you. Everything in the book is still correct, it just doesn't address virtualization which was the major thing added in 1.2.

I have even corresponded with one of the authors, Anton Chuvakin, a couple of times and he has always been friendly and helpful. I listen to his security podcast also.

If you have a need to learn about PCI DSS I strongly recommend this book as it is the best.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews

More About the Authors

Discover books, learn about writers, read author blogs, and more.