How Virtualization Affects PCI DSS Part 1: Mapping PCI Requirements and Virtualization
Theft of credit/debit card information - also referred to as Cardholder Data (CHD) - is increasing with the steady rise in Internet shopping and e-commerce as well as the use of potentially risky technologies such as wireless networking. The Payment Card Industry Data Security Standard (PCI DSS) was established by the major payment brands with a goal to limit the risk to cardholder data from such threats. The PCI DSS achieves this by specifying detailed people, process and technology related controls that must be implemented by all organizations dealing with cardholder data. This paper provides a cursory overview above of the PCI DSS controls and requirements and how these could be potentially affected by virtualizing infrastructure.