{"id":4873,"date":"2021-07-30T06:51:00","date_gmt":"2021-07-30T06:51:00","guid":{"rendered":"https:\/\/www.edvantis.com\/blog\/pci-dss-requirements-explained\/"},"modified":"2026-04-21T09:33:05","modified_gmt":"2026-04-21T09:33:05","slug":"pci-dss-requirements-explained","status":"publish","type":"post","link":"https:\/\/www.edvantis.com\/de\/blog\/pci-dss-requirements-explained\/","title":{"rendered":"PCI-DSS Security Standards Explained: Requirements and Compliance Programs\u00a0"},"content":{"rendered":"\n<p>Payment security risks are an important issue for every business, interacting with payment cards, both physically and digitally. As customer data theft and payment fraud remain rampant, <a href=\"https:\/\/www.edvantis.com\/de\/service\/pos-software-development\/\" target=\"_blank\" rel=\"noreferrer noopener\">POS providers<\/a>, payment processors, payment hardware and software vendors alike are looking for extra ways to secure payment transactions and cardholder data processing.&nbsp;<\/p>\n\n\n\n<p>The Payment Card Industry (PCI) Data Security Standard (DSS) was introduced in late 2006. Yet, despite being around for over a decade, it\u2019s still not unanimously adopted. A 2021 poll found that <a href=\"https:\/\/pressreleases.responsesource.com\/news\/101474\/of-companies-have-failed-or-are-not-compliant-with-payment\/\" target=\"_blank\" rel=\"noreferrer noopener\">50% of merchants <\/a>are still non-compliant with PCI-DSS or failed to pass an assessment.&nbsp;<\/p>\n\n\n\n<p>The above is problematic as the majority of consumers (<a href=\"https:\/\/content.ekata.com\/Consumers-Demand-Speed-and-Security-in-the-Digital-Experience.html\" target=\"_blank\" rel=\"noreferrer noopener\">61%<\/a>) believe the businesses that have access to their personal data are responsible for preventing fraud. 
PCI-DSS was designed specifically to address customer data protection.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-ht-block-toc  is-style-outline htoc htoc--position-wide toc-list-style-plain\" data-htoc-state=\"expanded\"><span class=\"htoc__title\"><span class=\"ht_toc_title\">Table of Contents<\/span><span class=\"htoc__toggle\"><\/span><\/span><div class=\"htoc__itemswrap\"><ul class=\"ht_toc_list\"><li class=\"\"><a href=\"#what-is-pci-dss\">What is PCI DSS?&nbsp;<\/a><ul class=\"ht_toc_child_list\"><li class=\"\"><a href=\"#pci-dss-is-two-fold\">PCI-DSS is Two-Fold<\/a><\/li><\/ul><\/li><li class=\"\"><a href=\"#pci-dss-compliance-benefits\">PCI-DSS Compliance Benefits&nbsp;<\/a><\/li><li class=\"\"><a href=\"#pci-dss-interpretation-of-the-main-requirements\">PCI DSS: Interpretation of the Main Requirements&nbsp;<\/a><\/li><li class=\"\"><a href=\"#pci-dss-compliance-programs\">PCI DSS Compliance Programs&nbsp;<\/a><\/li><li class=\"\"><a href=\"#pci-ssf-as-the-next-compliance-milestone\">PCI SSF as The Next Compliance Milestone&nbsp;<\/a><ul class=\"ht_toc_child_list\"><li class=\"\"><a href=\"#pci-sff-components\">PCI SFF Components <\/a><\/li><\/ul><\/li><li class=\"\"><a href=\"#to-conclude-pci-dss-compliance-myths\">To Conclude: PCI DSS Compliance Myths&nbsp;<\/a><ul class=\"ht_toc_child_list\"><li class=\"\"><a href=\"#myth-1-pci-dss-doesn-t-apply-to-you-if-you-don-t-store-cardholder-data\">Myth 1: PCI DSS doesn\u2019t apply to you if you don\u2019t store cardholder data.<\/a><\/li><li class=\"\"><a href=\"#myth-2-pci-dss-is-a-legal-requirement-for-businesses\">Myth 2: PCI DSS is a legal requirement for businesses<\/a><\/li><li class=\"\"><a href=\"#myth-3-encrypted-cardholder-data-is-exempt\">Myth 3: Encrypted cardholder data is exempt<\/a><\/li><li class=\"\"><a href=\"#myth-4-pci-is-a-technical-issue-there-s-no-need-to-involve-the-rest-of-the-business\">Myth 4: PCI is a technical issue. 
There\u2019s no need to involve the rest of the business&nbsp;<\/a><\/li><li class=\"\"><a href=\"#myth-5-adopting-product-x-or-software-y-will-make-us-pci-compliant\">Myth 5: Adopting product X or software Y will make us PCI compliant<\/a><\/li><li class=\"\"><a href=\"#myth-6-we-outsource-payment-processing-or-payment-software-development-so-we-can-do-nothing\">Myth 6: We outsource payment processing or payment software development. So we can do nothing.<\/a><\/li><li class=\"\"><a href=\"#myth-7-our-business-is-good-because-we-use-compliant-payment-terminals\">Myth 7: Our business is good because we use compliant payment terminals&nbsp;<\/a><\/li><li class=\"\"><a href=\"#myth-8-i-m-too-small-for-cybercriminals-to-take-an-interest\">Myth 8: I\u2019m too small for cybercriminals to take an interest&nbsp;<\/a><\/li><li class=\"\"><a href=\"#myth-9-my-business-is-small-i-don-t-need-to-be-pci-compliant\">Myth 9: My business is small \u2013 I don\u2019t need to be PCI compliant&nbsp;<\/a><\/li><li class=\"\"><a href=\"#myth-10-pci-compliance-only-applies-to-credit-card-data\">Myth 10: PCI compliance only applies to credit card data.&nbsp;<\/a><\/li><li class=\"\"><a href=\"#myth-11-pci-compliance-is-too-difficult-no-one-can-keep-up-with-all-these-requirements\">Myth 11: PCI compliance is too difficult. No one can keep up with all these requirements!&nbsp;<\/a><\/li><\/ul><\/li><\/ul><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-is-pci-dss\">What is PCI DSS?&nbsp;<\/h2>\n\n\n\n<p>PCI DSS is a unified security standard, conceived and introduced by global payment card providers \u2014 American Express, Discover, JCB International, Mastercard, and Visa. 
Jointly, these companies developed a set of governance, technology, and process guidelines for ensuring top-most cardholder data protection.&nbsp;<\/p>\n\n\n\n<p>The two underlying components of PCI-DSS are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-pa-dss-payment-application-data-security-standard-aimed-at-ensuring-that-payment-providers-do-not-store-unnecessary-customer-data-e-g-full-magnetic-stripe-cvv2-or-pin-data1\"><strong>PA-DSS (Payment Application Data Security Standard)<\/strong>, aimed at ensuring that payment providers do not store unnecessary customer data (e.g. full magnetic stripe, CVV2, or PIN data)&nbsp;<\/li>\n\n\n\n<li id=\"htoc-pts-pin-transaction-security-devices-approved-pos-systems-merchants-are-encouraged-to-be-used-for-secure-in-person-payments1\"><strong>PTS (PIN Transaction Security)<\/strong> devices \u2014 approved POS systems merchants are encouraged to be used for secure in-person payments.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Both publicly distributed payment apps and devices, as well as internal payment processing systems, are subject to PA-DSS compliance (and PCI-DSS respectively).&nbsp;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p id=\"htoc-the-payment-application-data-security-standard-pa-dss-concerns-software-vendors-who-develop-payment-applications-that-store-process-or-transmit-cardholder-data-and-or-other-types-of-sensitive-authentication-data-the-requirement-comes-into-effect-if-you-intend-to-sell-distribute-or-license-a-payment-app-to-any-third-party\"><em>The Payment Application Data Security Standard (PA-DSS) concerns software vendors who develop payment applications that store, process, or transmit cardholder data and\/or other types of sensitive authentication data. The requirement comes into effect if you intend to sell, distribute, or license a payment app to any third party. 
<\/em><\/p>\n<\/blockquote>\n\n\n\n<p>PCI PTS security requirements, however, are more applicable to point-of-sale devices or payment terminals, both attended, i.e. manned by merchants, or unattended (UPT), i.e. automated parking payment machines.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.edvantis.com\/wp-content\/uploads\/2021\/07\/01.svg\" alt=\"PCI-DSS Ecosystem of Requirements\" class=\"wp-image-4854\" \/><\/figure>\n\n\n\n<p>&nbsp;Source: <a href=\"https:\/\/www.pcisecuritystandards.org\/pci_security\/maintaining_payment_security\" target=\"_blank\" rel=\"noreferrer noopener\">PCI-DSS Council&nbsp;<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"pci-dss-is-two-fold\">PCI-DSS is Two-Fold<\/h3>\n\n\n\n<p>Conditionally, PCI-DSS can be broken down to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-the-security-standard-itself-a-prescriptive-list-of-12-overarching-technical-requirements-and-280-sub-requirements-specifying-compliant-payment-app-architecture-coding-practices-data-processing-standards-and-qa-qc-procedures1\"><strong><strong>The security standard itself <\/strong>\u2014 <\/strong>a prescriptive list of 12 overarching technical requirements and 280+ sub-requirements, specifying compliant payment app architecture, coding practices, data processing standards, and <a href=\"https:\/\/www.edvantis.com\/de\/blog\/qa-vs-qc\/\" target=\"_blank\" rel=\"noreferrer noopener\">QA\/QC procedures<\/a>.&nbsp;<\/li>\n\n\n\n<li id=\"htoc-pci-dss-compliance-programs-a-certification-you-can-obtain-for-an-existing-payment-product-you-can-pass-a-pci-dss-roc-report-of-compliance-assessment-or-a-pci-dss-saq-self-assessment-questionnaire1\"><strong>PCI-DSS Compliance programs <\/strong>\u2014 a certification you can obtain for an existing payment product. 
You can pass a PCI DSS RoC (Report of Compliance) assessment or a PCI DSS SAQ (Self-assessment Questionnaire).&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The PCI DSS Council has an up-to-date database of certified payment applications and PTS devices for merchants. Getting on this list is like receiving a \u201cstamp of approval\u201d, signifying that your products have unquestionable levels of security. Many business partners also pay attention to PCI-DSS compliance status.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"pci-dss-compliance-benefits\">PCI-DSS Compliance Benefits&nbsp;<\/h2>\n\n\n\n<p>Complying with PCI Security Standards seems like a daunting task. The maze of standards and technical best practices can seem hard to handle for large organizations, let alone smaller vendors.&nbsp;<\/p>\n\n\n\n<p>Yet, becoming compliant has undeniable perks, ranging from higher levels of consumer trust to access to new revenue streams:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-your-systems-are-secure-and-your-customers-can-entrust-you-with-their-sensitive-payment-card-information-such-peace-of-mind-leads-to-customer-confidence-and-repeat-business1\">Your systems are secure and your customers can entrust you with their sensitive payment card information. 
Such peace of mind leads to customer confidence and repeat business.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-pci-compliance-improves-your-reputation-with-banks-payment-providers-and-other-business-partners1\">PCI Compliance improves your reputation with banks, payment providers, and other business partners.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-you-are-better-prepared-to-meet-additional-regulations-such-as-hipaa-and-sox-after-pci-dss-certification1\">You are better prepared to meet additional regulations, such as HIPAA and SOX, after PCI-DSS certification.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-systems-hardening-and-modernization-in-line-with-pci-dss-requirements-often-results-in-improved-it-infrastructure-efficiency1\">Systems hardening and <a href=\"https:\/\/www.edvantis.com\/de\/blog\/legacy-application-modernization\/\" target=\"_blank\" rel=\"noreferrer noopener\">modernization<\/a> in line with PCI-DSS requirements often results in improved IT infrastructure efficiency.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Ultimately, PCI-DSS Compliance is your investment in extra protection against costly data breaches and payment card data theft in the present and in the future.&nbsp;<\/p>\n\n\n\n<p>Last year, the average cost of a data breach for larger organizations totaled <strong>$3.86 million<\/strong>, per <a href=\"https:\/\/www.capita.com\/sites\/g\/files\/nginej291\/files\/2020-08\/Ponemon-Global-Cost-of-Data-Breach-Study-2020.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Ponemon study<\/a>. What\u2019s even more problematic is that businesses in the financial sector required <strong>233 days<\/strong> to identify and contain a breach. 
With proper security facets in place, this timeline can be reduced at least twice.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"pci-dss-interpretation-of-the-main-requirements\">PCI DSS: Interpretation of the Main Requirements&nbsp;<\/h2>\n\n\n\n<p>PCI DSS emerged as a solution to fragmentation. Before 2006, each card processor relied on its own security standard for protecting cardholder data. Understandably, this resulted in interoperability issues. So the big industry players decided to consolidate their efforts and introduced the PCI DSS standard.&nbsp;<\/p>\n\n\n\n<p>The PCI DSS security requirements pertain to all payment system components, interacting with the cardholder data environment.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-the-cardholder-data-environment-cde-consists-of-people-processes-and-technologies-that-store-process-or-transmit-cardholder-data-or-sensitive-authentication-data1\">The cardholder data environment (CDE) consists of people, processes, and technologies that store, process, or transmit cardholder data or sensitive authentication data.&nbsp;<\/li>\n\n\n\n<li id=\"htoc-system-components-include-network-devices-servers-computing-devices-and-applications1\">System components include network devices, servers, computing devices, and applications.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>To ensure homogenous and secure interactions between these two assets, PCI-DSS urges Developers to adhere to the following 12 requirements:&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li id=\"htoc-install-firewalls-to-protect-cardholder-data1\">Install firewalls to protect cardholder data<\/li>\n\n\n\n<li id=\"htoc-never-use-vendor-provided-defaults-for-system-passwords-and-other-security-facets1\">Never use vendor-provided defaults for system passwords and other security facets<\/li>\n\n\n\n<li id=\"htoc-protect-stored-customer-data1\">Protect stored customer data&nbsp;<\/li>\n\n\n\n<li 
id=\"htoc-always-encrypt-data-transmissions-across-public-networks1\">Always encrypt data transmissions across public networks&nbsp;<\/li>\n\n\n\n<li id=\"htoc-use-and-updated-anti-virus-software1\">Use and update anti-virus software&nbsp;<\/li>\n\n\n\n<li id=\"htoc-maintain-secure-access-for-all-systems-and-applications1\">Maintain secure access for all systems and applications&nbsp;<\/li>\n\n\n\n<li id=\"htoc-restrict-access-to-the-minimal-required-information1\">Restrict access to the minimal required information&nbsp;<\/li>\n\n\n\n<li id=\"htoc-identify-and-authenticate-every-party-seeking-access1\">Identify and authenticate every party seeking access&nbsp;<\/li>\n\n\n\n<li id=\"htoc-implement-physical-protection-of-cardholder-data1\">Implement physical protection of cardholder data&nbsp;<\/li>\n\n\n\n<li id=\"htoc-log-and-monitor-all-access-to-network-resources-and-customer-data1\">Log and monitor all access to network resources and customer data&nbsp;<\/li>\n\n\n\n<li id=\"htoc-test-and-improve-security-processes1\">Test and improve security processes&nbsp;<\/li>\n\n\n\n<li id=\"htoc-have-respective-personnel-security-policies1\">Have respective personnel security policies&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>The above are high-level requirements, which are further broken down into 280+ extra security provisions and best practices.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"pci-dss-compliance-programs\">PCI DSS Compliance Programs&nbsp;<\/h2>\n\n\n\n<p>Passing a PCI-DSS assessment is often a contractual requirement, imposed by the founding five payment card brands on partnering merchants and acquirers. 
Given the rise in payment card usage and <a href=\"https:\/\/www.edvantis.com\/de\/blog\/new-payment-methods-in-retail\/\" target=\"_blank\" rel=\"noreferrer noopener\">new payment methods in retail<\/a>, in particular, bypassing the interactions with these brands is often not possible.&nbsp;<\/p>\n\n\n\n<p>After passing the initial certification, your company will likely need to re-confirm its compliance status once a year using either a self-assessment questionnaire or a report on compliance.&nbsp;<\/p>\n\n\n\n<p>The chart below describes why organizations have to comply with PCI-DSS and who can ask them to be PCI DSS compliant.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.edvantis.com\/wp-content\/uploads\/2021\/07\/02.svg\" alt=\"whom PCI DSS applies to chart\" class=\"wp-image-4856\" \/><\/figure>\n\n\n\n<p>Source: <a href=\"https:\/\/app.pluralsight.com\/library\/courses\/pci-dss-big-picture\" target=\"_blank\" rel=\"noreferrer noopener\">Pluralsight<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"pci-ssf-as-the-next-compliance-milestone\">PCI SSF as The Next Compliance Milestone&nbsp;<\/h2>\n\n\n\n<p>The <a href=\"https:\/\/www.edvantis.com\/de\/blog\/digital-payments-in-2021\/\" target=\"_blank\" rel=\"noreferrer noopener\">digital payment landscape keeps evolving<\/a> and new payment modalities come to the fore. As a response to emerging trends, the PCI DSS council decided to upgrade the initial compliance guidelines.&nbsp;<\/p>\n\n\n\n<p>PCI SSF (Payment Card Industry Software Security Framework) is a revised collection of security standards, built atop of PA DSS. SSF features new requirements for demonstrating staunch payment systems security levels and puts down best practices for new <a href=\"https:\/\/www.edvantis.com\/de\/service\/zahlung\/\" target=\"_blank\" rel=\"noreferrer noopener\">payment software development<\/a>. 
PCI SSF is due to come into effect in October 2022 and will replace the PA DSS as a benchmark standard.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.edvantis.com\/wp-content\/uploads\/2021\/08\/03.svg\" alt=\"Software Security Standards Timeline\" class=\"wp-image-4944\" \/><\/figure>\n\n\n\n<p>Source: <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/Transitioning_from_PA-DSS_to_SSF_Resource_Guide.pdf?agreement=true&amp;time=1626947826648\" target=\"_blank\" rel=\"noreferrer noopener\">PCI-DSS Council<\/a><\/p>\n\n\n\n<p>The PCI SSF (Software Security Framework) is designed to support a broader array of payment software types, architectures, and <a href=\"https:\/\/www.edvantis.com\/de\/blog\/software-development-methodologies\/\" target=\"_blank\" rel=\"noreferrer noopener\">agile software development methodologies<\/a> in use today. The standard is also more future-oriented, accounting for emerging payment use cases, ranging from unattended commerce solutions to IoT payments.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"pci-sff-components\">PCI SSF Components <\/h3>\n\n\n\n<p>The PCI SSF framework includes <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/SSF_At-a-Glance.pdf?agreement=true&amp;time=1626947826634\" target=\"_blank\" rel=\"noreferrer noopener\">four core components<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-secure-software-standard-puts-forth-security-requirements-for-developing-secure-payment-software-the-key-focus-is-on-the-protection-of-data-confidentiality-and-integrity-during-transactions-primarily-concerns-vendors-who-ship-software-that-facilitates-payment-transactions1\"><strong>Secure Software Standard<\/strong> \u2014 puts forth security requirements for developing secure payment software. The key focus is on the protection of data confidentiality and integrity during transactions. 
It primarily concerns vendors who ship software that facilitates payment transactions.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-secure-software-lifecycle-secure-slc-standard-encourages-vendors-to-institute-and-adhere-to-security-best-practices-at-every-lag-of-the-software-development-lifecycle-to-achieve-security-by-design1\"><strong>Secure Software Lifecycle (Secure SLC) Standard<\/strong> \u2014 encourages vendors to institute and adhere to security best practices at every stage of the software development lifecycle to achieve security by design.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-secure-software-program-a-validation-assessment-vendors-can-complete-to-get-recognized-as-compliant-with-pci-ssf-everyone-who-passes-the-assessment-will-be-listed-on-a-respective-list-by-pci-dss-council1\"><strong>Secure Software Program<\/strong> \u2014 a validation assessment vendors can complete to get recognized as compliant with PCI-SSF. Everyone who passes the assessment will appear on the corresponding list maintained by the PCI-DSS Council.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-secure-slc-program-a-validation-assessment-vendors-can-complete-to-demonstrate-their-compliance-with-secure-sdlc-requirements-likewise-successful-validation-earmarks-a-placement-on-the-pci-ssc-list-of-secure-slc-qualified-vendors1\"><strong>Secure SLC Program<\/strong> \u2014 a validation assessment vendors can complete to demonstrate their compliance with Secure SDLC requirements. 
Likewise, successful validation earmarks a placement on the PCI SSC List of Secure SLC Qualified Vendors.&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.edvantis.com\/wp-content\/uploads\/2021\/07\/04.svg\" alt=\"PCI Software Security Framework\" class=\"wp-image-4860\" \/><\/figure>\n\n\n\n<p>Source: <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/SSF_At-a-Glance.pdf?agreement=true&amp;time=1626947826634\" target=\"_blank\" rel=\"noreferrer noopener\">PCI-DSS Council&nbsp;<\/a><\/p>\n\n\n\n<p>As part of this change, PCI-DSS also aims to bring in<strong> Secure Software Framework Assessors (SSF Assessors)<\/strong> \u2014 designated organizations for conducting evaluations of vendors and software products.&nbsp;<\/p>\n\n\n\n<p>So what are the benefits of PCI-SSF?&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li id=\"htoc-extends-pa-dss-applicability-to-a-wider-number-of-payment-applications1\">Extends PA-DSS applicability to a wider number of payment applications&nbsp;<\/li>\n\n\n\n<li id=\"htoc-improves-the-flexibility-of-requirements-and-validation-options1\">Improves the flexibility of requirements and validation options&nbsp;<\/li>\n\n\n\n<li id=\"htoc-promotes-more-agile-approaches-to-application-development1\">Promotes more agile approaches to application development&nbsp;<\/li>\n\n\n\n<li id=\"htoc-places-secure-sdlc-in-the-limelight1\">Places secure <a href=\"https:\/\/www.edvantis.com\/de\/blog\/software-development-process\/\" target=\"_blank\" rel=\"noreferrer noopener\">SDLC<\/a> in the limelight&nbsp;<\/li>\n\n\n\n<li id=\"htoc-accounts-for-emerging-and-future-payment-use-cases1\">Accounts for emerging and future payment use cases&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>As of present, PA-DSS Council stopped accepting new PA-DSS validation submissions and prepares for the SSF roll-out.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"to-conclude-pci-dss-compliance-myths\">To 
Conclude: PCI DSS Compliance Myths&nbsp;<\/h2>\n\n\n\n<p>Passing a PCI DSS validation is an intricate process. Despite extensive documentation and supporting resources, issued by participating organizations, there\u2019s still a number of persistent PCI myths out in the wild.&nbsp;<\/p>\n\n\n\n<p>So let\u2019s bust some!<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-1-pci-dss-doesn-t-apply-to-you-if-you-don-t-store-cardholder-data\">Myth 1: PCI DSS doesn\u2019t apply to you if you don\u2019t store cardholder data.<\/h4>\n\n\n\n<p><strong>Fact:<\/strong> Wrong, PCI DSS kicks in when you process or transmit sensitive cardholder data (even if you choose not to store it).&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-2-pci-dss-is-a-legal-requirement-for-businesses\">Myth 2: PCI DSS is a legal requirement for businesses<\/h4>\n\n\n\n<p><strong>Fact:<\/strong> No, it\u2019s not a legal provision, but a contractual obligation you take on if you are interacting with payment cards. Respectively, you should view PCI DSS like any other contract.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-3-encrypted-cardholder-data-is-exempt\">Myth 3: Encrypted cardholder data is exempt<\/h4>\n\n\n\n<p><strong>Fact:<\/strong> Not completely. The third PCI-DSS requirement says that all cardholder data has to be encrypted. Yet, encrypted cardholder data still equals cardholder data. But properly implemented key management can make encrypted data out of scope.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-4-pci-is-a-technical-issue-there-s-no-need-to-involve-the-rest-of-the-business\">Myth 4: PCI is a technical issue. There\u2019s no need to involve the rest of the business&nbsp;<\/h4>\n\n\n\n<p><strong>Fact:<\/strong> Protecting cardholder data requires everyone to get on board. 
In fact, when the compliance initiative comes from the finance department and upper execs back it too, the projects end up being the most successful.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-5-adopting-product-x-or-software-y-will-make-us-pci-compliant\">Myth 5: Adopting product X or software Y will make us PCI compliant<\/h4>\n\n\n\n<p><strong>Fact<\/strong>: There is no silver bullet, one-stop-shop, off-the-shelf solution for achieving PCI compliance.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-6-we-outsource-payment-processing-or-payment-software-development-so-we-can-do-nothing\">Myth 6: We outsource payment processing or payment software development. So we can do nothing.<\/h4>\n\n\n\n<p><strong>Fact<\/strong>: Is your outsourcing partner compliant? If not, achieving PCI-DSS compliance remains your obligation. Your technology partner can help you prepare for the certification, but they may not be contractually obliged to have PCI-DSS compliance status unless that is written in your paperwork.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-7-our-business-is-good-because-we-use-compliant-payment-terminals\">Myth 7: Our business is good because we use compliant payment terminals&nbsp;<\/h4>\n\n\n\n<p><strong>Fact:<\/strong> Using an approved PTS (PIN Transaction Security) device is just one aspect of PCI compliance. There\u2019s also PA-DSS as a standard for maintaining secure payment applications.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-8-i-m-too-small-for-cybercriminals-to-take-an-interest\">Myth 8: I\u2019m too small for cybercriminals to take an interest&nbsp;<\/h4>\n\n\n\n<p><strong>Fact: <\/strong>Sorry, but no one is too big or small for a fraudulent attack. 
In fact, <a href=\"https:\/\/www.prnewswire.com\/news-releases\/wepay-survey-reveals-smbs-struggle-with-cash-flow-management-customer-payment-fraud-300458778.html\" target=\"_blank\" rel=\"noreferrer noopener\">21%<\/a> of SMBs experienced payment fraud during the first year of operations, and another 51% within two years of opening their doors.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-9-my-business-is-small-i-don-t-need-to-be-pci-compliant\">Myth 9: My business is small \u2013 I don\u2019t need to be PCI compliant&nbsp;<\/h4>\n\n\n\n<p><strong>Fact: <\/strong>Your business size has nothing to do with PCI compliance. Even if you only process several card payments per year, you still need to handle cardholder data in a secure and responsible manner.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-10-pci-compliance-only-applies-to-credit-card-data\">Myth 10: PCI compliance only applies to credit card data.&nbsp;<\/h4>\n\n\n\n<p><strong>Fact:<\/strong> PCI compliance applies to any type of payment card (debit and credit), as well as contactless payments. Quick reminder: you cannot store an unencrypted card number, the CVV\/CVV2 codes, or the PIN for any type of card.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"myth-11-pci-compliance-is-too-difficult-no-one-can-keep-up-with-all-these-requirements\">Myth 11: PCI compliance is too difficult. No one can keep up with all these requirements!&nbsp;<\/h4>\n\n\n\n<p>PCI-DSS compliance prompts you to adopt good business standards for securing data. All the main 12 requirements are aimed at that. If you already place security at the core of your operations, PCI compliance won\u2019t be a difficult act!<\/p>\n\n\n\n<p><em>Level up your security with Edvantis. 
<\/em><a href=\"https:\/\/bit.ly\/3zn7y7Z\" target=\"_blank\" rel=\"noreferrer noopener\"><em>Contact our Payment Specialists<\/em><\/a><em> to receive a preliminary consultation on achieving PCI-DSS compliance or developing new payment software in line with all the security best practices.<\/em><\/p>\n","protected":false},"author":4,"featured_media":29671,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[35],"tags":[85],"taxonomy_industries":[80],"class_list":["post-4873","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industrie","tag-lesedauer-9-minuten","taxonomy_industries-zahlung-de"],"acf":[],"yoast_head_json":{"title":"PCI-DSS Security Standards Explained: Requirements and Compliance Programs\u00a0 - Edvantis","canonical":"https:\/\/www.edvantis.com\/de\/blog\/pci-dss-requirements-explained\/","og_locale":"de_DE","og_type":"article","og_site_name":"Edvantis","article_published_time":"2021-07-30T06:51:00+00:00","article_modified_time":"2026-04-21T09:33:05+00:00","author":"Elena Prokopets","twitter_misc":{"Written by":"Elena Prokopets","Est. reading time":"11 minutes"}}}