PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance 2nd Edition

3.9 out of 5 stars 12 customer reviews
ISBN-13: 978-1597494991
ISBN-10: 1597494992


Editorial Reviews
"Finally we have a solid and comprehensive reference for PCI. This book explains in great detail not only how to apply PCI in a practical and cost-effective way, but more importantly why."--Joel Weise, Information Systems Security Association (ISSA) founder and chairman of the ISSA Journal Editorial Advisory Board

From the Back Cover

Identity theft and other confidential information theft have now topped the charts as the #1 cybercrime. In particular, credit card data is preferred by cybercriminals. Is your payment processing secure and compliant? Now in its second edition, PCI Compliance has been revised to follow the new PCI DSS standard 1.2.1. Also new to this edition: Each chapter has how-to guidance to walk you through implementing concepts, and real-world scenarios to help you relate to the information and better grasp how it impacts your data. This book provides the information that you need to understand the current PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information.


Product Details

  • Paperback: 368 pages
  • Publisher: Syngress; 2 edition (December 15, 2009)
  • Language: English
  • ISBN-10: 1597494992
  • ISBN-13: 978-1597494991
  • Product Dimensions: 9.2 x 7.4 x 1.1 inches
  • Shipping Weight: 1 pounds
  • Average Customer Review: 3.9 out of 5 stars (12 customer reviews)
  • Amazon Best Sellers Rank: #1,572,820 in Books

Customer Reviews

Top Customer Reviews

Format: Paperback
When I first received this book from Syngress I was very excited. I knew nothing about PCI compliance -- other than that it was a big-ticket item and everyone processing Visa transactions was affected in some way because of it. I can honestly say that I tore through this book and didn't put it down until I reached chapter 13. I was completely wrapped up in it, as it was something I knew nothing about and wanted to know more!

Chapters 1 through 3 introduce you to the concepts behind PCI compliance including what it is and who needs to comply. These chapters really set the stage for what the rest of the book has to offer the reader.

Chapter 4 provides a technology overview of firewalls, intrusion systems, antivirus solutions, and common system default settings. Personally I felt that Chapter 4 was filler content just to add a chapter. It may, however, serve as a good reference for those in management roles who do not have "hands-on" interaction with the architecture of their environment.

Chapter 5 explains how to go about protecting your cardholder data as dictated by PCI requirements 3 & 4. This is a great chapter for anyone new to securing infrastructure to meet the requirements of a PCI audit. The authors also provide a fantastic section entitled "The Absolute Essentials" which offers suggestions on the minimum protection you can employ to protect your cardholder data.

Chapter 6 was by far my most favorite chapter and Syngress has offered it as a free download from their website. Many of you know what I do for a living and know how important understanding logging and requirements for logging is for my day-to-day duties. This chapter focuses around PCI Requirement 10 which details how you must handle the log data collected in your PCI environment.
33 people found this helpful.
Format: Paperback Verified Purchase
I read a lot of books in an attempt to grasp PCI compliance. This is my favorite PCI book and I refer to it frequently.

One of the things I noticed about other books is they, in my opinion, went into way too much detail on some of the basics, and tended to glaze over the more complicated parts.

What I enjoy so much about this book is that it covers the basics in enough detail that even a beginner can understand, and it also answers in detail the hard questions that other books left me confused about.

With this book I gained at least twice as good an understanding of PCI as I had after reading all of those other books. If you want to understand PCI-DSS, this book is a great way to do so.
6 people found this helpful.
Format: Paperback
It has long been rumored that manufacturers of items such as razors and batteries specifically produce their products at an inferior level in order to ensure repeat business. A similar paradox is occurring in the information security space, where many are complaining that the PCI Data Security Standard (PCI DSS) is too complex and costly. What is most troubling is that such opinions are being written in periodicals and by people who should know better.

PCI came to life when Visa, MasterCard, American Express, Diner's Club, Discover, and JCB collaborated to create a new set of standards to deal with credit card fraud. PCI requires that all merchants and service providers that handle, transmit, store or process information concerning any of these cards, or related card data, be compliant with the PCI DSS. If they are not compliant, they can face monetary penalties and/or have their card processing privileges terminated by the credit card issuers.

The primary purpose of PCI is to force organizations to embrace common security controls to protect credit card data and reduce fraud and theft. The following are the six primary control areas and 12 specific requirements of the PCI DSS:
Build and maintain a secure network
1. Install and maintain firewall configurations
2. Do not use vendor-supplied or default passwords

Protect cardholder data
3. Protect stored data
4. Encrypt transmissions of cardholder data across public networks

Maintain a vulnerability management program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to need-to-know
8 people found this helpful.
Format: Paperback
I bought this book a year ago, shortly after it came out, and I am just now getting around to reviewing it, although I have been benefiting from its guidance for the past year as I go through another PCI implementation.

This is an excellent book, one of my best tech book buys in quite some time. It answered some questions I had been wondering about for a few years as I have gone through PCI implementations using just my sysadmin security experience and common sense plus the PCI DSS requirements themselves. It covers each of the 12 PCI DSS requirements (each of which has on average another 12 sub-requirements; don't let anyone tell you that "PCI is easy, just 12 things!") in order, gives examples, and shows you how they apply.

This book does not cover PCI DSS 1.2, but the differences are quite small, so don't let that worry you. Everything in the book is still correct; it just doesn't address virtualization, which was the major thing added in 1.2.

I have even corresponded with one of the authors, Anton Chuvakin, a couple of times and he has always been friendly and helpful. I listen to his security podcast also.

If you have a need to learn about PCI DSS, I strongly recommend this book, as it is the best.
2 people found this helpful.
