Overview
The PCI DSS Compliance Checker is a security assessment tool designed to evaluate whether an organization meets the Payment Card Industry Data Security Standard (PCI DSS) requirements. This API accepts detailed information about your payment processing infrastructure, security controls, and operational practices, then performs a thorough compliance analysis across all 12 PCI DSS requirements.
Organizations handling payment card data—whether through e-commerce platforms, physical point-of-sale systems, mobile payments, or third-party processors—must maintain PCI DSS compliance to protect cardholder data and avoid regulatory penalties. This tool streamlines the self-assessment process by analyzing your security posture across network security, access controls, encryption, vulnerability management, and security policies.
The Compliance Checker is ideal for merchants, payment processors, service providers, security teams, and compliance officers who need to understand their PCI DSS compliance status, identify gaps in their security controls, and prioritize remediation efforts.
Usage
Sample Request:
CODEBLOCK0
Sample Response:
CODEBLOCK1
Endpoints
POST /pci-compliance
Description: Performs a PCI DSS compliance assessment based on the organization's payment processing environment and security controls.
Method: POST
Path: `/pci-compliance`
Request Body:
The endpoint accepts a JSON object with the following properties:
| Parameter | Type | Required | Description |
|---|---|---|---|
| `organization_name` | string | Yes | Name of the organization undergoing assessment |
| `business_type` | string | Yes | Type of business (e.g., E-commerce Retailer, Payment Processor, Service Provider) |
| `company_size` | string | Yes | Size of the organization (e.g., Small, Medium, Large, Enterprise) |
| `transaction_volume` | string | Yes | Annual transaction volume (e.g., <1M, 1-5M, 5-10M, >10M transactions/year) |
| `card_brands` | array[string] | Yes | List of payment card brands processed (e.g., Visa, Mastercard, American Express, Discover) |
| `processing_methods` | array[string] | Yes | Payment processing methods (e.g., Online, Mail Order/Telephone, In-Person, Mobile) |
| `stores_card_data` | boolean | Yes | Whether organization stores cardholder data |
| `transmits_card_data` | boolean | Yes | Whether organization transmits cardholder data |
| `processes_card_data` | boolean | Yes | Whether organization processes cardholder data |
| `ecommerce_website` | boolean | Yes | Whether organization operates an e-commerce website |
| `physical_locations_pos` | boolean | Yes | Whether organization operates physical POS locations |
| `mobile_payments` | boolean | Yes | Whether organization accepts mobile payments |
| `third_party_processors` | boolean | Yes | Whether organization uses third-party payment processors |
| `cloud_services` | boolean | Yes | Whether organization uses cloud services for payment processing |
| `firewall_installed` | boolean | Yes | Whether firewall is installed and configured |
| `default_passwords_changed` | boolean | Yes | Whether all default passwords have been changed |
| `network_segmentation` | boolean | Yes | Whether cardholder data environment is segmented from public network |
| `card_data_protected` | boolean | Yes | Whether stored cardholder data is encrypted |
| `transmission_encrypted` | boolean | Yes | Whether cardholder data transmission is encrypted |
| `cryptographic_keys` | boolean | Yes | Whether cryptographic keys are securely managed |
| `antivirus_installed` | boolean | Yes | Whether antivirus/malware protection is installed |
| `secure_systems_development` | boolean | Yes | Whether secure development practices are followed |
| `vulnerability_management` | boolean | Yes | Whether vulnerability management processes are in place |
| `access_controls_by_role` | boolean | Yes | Whether access controls are based on business need and role |
| `unique_user_ids` | boolean | Yes | Whether all users have unique user IDs |
| `multifactor_auth` | boolean | Yes | Whether multi-factor authentication is implemented |
| `physical_access_restricted` | boolean | Yes | Whether physical access to cardholder data facilities is restricted |
| `media_securely_handled` | boolean | Yes | Whether media containing cardholder data is securely handled |
| `access_logged` | boolean | Yes | Whether access to cardholder data is logged |
| `logs_regularly_reviewed` | boolean | Yes | Whether logs are regularly reviewed |
| `log_integrity_protected` | boolean | Yes | Whether log integrity is protected |
| `vulnerability_scans` | boolean | Yes | Whether regular vulnerability scans are performed |
| `penetration_testing` | boolean | Yes | Whether penetration testing is conducted annually |
| `network_monitoring` | boolean | Yes | Whether network is monitored for unauthorized access |
| `security_policy_maintained` | boolean | Yes | Whether information security policy is maintained and updated |
| `security_awareness_program` | boolean | Yes | Whether security awareness training program is in place |
| `incident_response_plan` | boolean | Yes | Whether incident response plan is documented and tested |
| `service_provider_monitoring` | boolean | Yes | Whether service providers are monitored for compliance |
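The request body is a fixed set of 38 required fields (4 strings, 2 string arrays and 32 booleans), and anything missing or mistyped comes back as a 422. The following client helper is an added example, not code from ToolWeb.in or this documentation: it checks a body against the documented field list before sending, rejects values such as `"yes"` or `1` that are not real booleans, and only then POSTs it. The endpoint URL (the Kong route from the References section with the documented path appended) and the absence of an authentication header are assumptions; the gateway's auth requirements are not described on this page.

```python
"""Added example, not part of the ToolWeb.in API or this documentation.

Builds a POST /pci-compliance body and checks it against the documented
field list before sending, so that a missing, mistyped or unknown field is
caught locally rather than returned as a 422 Validation Error.

Assumptions (not stated on the page): the Kong route from the References
section is the base URL and the documented path is appended to it; any
authentication header the gateway expects is left to the caller via `headers`.
"""
import json
import urllib.request

# Required fields exactly as listed in the Request Body table.
STRING_FIELDS = ("organization_name", "business_type",
                 "company_size", "transaction_volume")
ARRAY_FIELDS = ("card_brands", "processing_methods")
BOOLEAN_FIELDS = (
    "stores_card_data", "transmits_card_data", "processes_card_data",
    "ecommerce_website", "physical_locations_pos", "mobile_payments",
    "third_party_processors", "cloud_services", "firewall_installed",
    "default_passwords_changed", "network_segmentation", "card_data_protected",
    "transmission_encrypted", "cryptographic_keys", "antivirus_installed",
    "secure_systems_development", "vulnerability_management",
    "access_controls_by_role", "unique_user_ids", "multifactor_auth",
    "physical_access_restricted", "media_securely_handled", "access_logged",
    "logs_regularly_reviewed", "log_integrity_protected", "vulnerability_scans",
    "penetration_testing", "network_monitoring", "security_policy_maintained",
    "security_awareness_program", "incident_response_plan",
    "service_provider_monitoring",
)
ALL_FIELDS = STRING_FIELDS + ARRAY_FIELDS + BOOLEAN_FIELDS

# Assumed endpoint URL: Kong route from the References section plus the documented path.
DEFAULT_URL = "https://api.mkkpro.com/compliance/pci-dss-checker/pci-compliance"


def validate_payload(payload: dict) -> list:
    """Return a list of schema problems; an empty list means the body is well-formed."""
    problems = []
    for name in STRING_FIELDS:
        if name not in payload:
            problems.append(f"missing: {name}")
        elif not isinstance(payload[name], str) or not payload[name].strip():
            problems.append(f"expected non-empty string: {name}")
    for name in ARRAY_FIELDS:
        if name not in payload:
            problems.append(f"missing: {name}")
        elif (not isinstance(payload[name], list) or not payload[name]
              or not all(isinstance(v, str) for v in payload[name])):
            problems.append(f"expected non-empty array of strings: {name}")
    for name in BOOLEAN_FIELDS:
        if name not in payload:
            problems.append(f"missing: {name}")
        # isinstance(..., bool) on purpose: 1, "yes" or None are not answers to a control question.
        elif not isinstance(payload[name], bool):
            problems.append(f"expected boolean: {name}")
    for name in sorted(set(payload) - set(ALL_FIELDS)):
        problems.append(f"unknown field: {name}")
    return problems


def sample_payload() -> dict:
    """Constructed body modelled on the page's sample request."""
    body = {
        "organization_name": "TechRetail Inc.",
        "business_type": "E-commerce Retailer",
        "company_size": "Medium (50-500 employees)",
        "transaction_volume": "1-5 million transactions/year",
        "card_brands": ["Visa", "Mastercard", "American Express"],
        "processing_methods": ["Online", "Mail Order/Telephone"],
    }
    # Every control question answered True except the one set below, as in the page's sample.
    body.update({name: True for name in BOOLEAN_FIELDS})
    body["physical_locations_pos"] = False
    return body


def submit_assessment(payload: dict, url: str = DEFAULT_URL, headers: dict = None) -> dict:
    """Validate locally, then POST the body as JSON and return the decoded response."""
    problems = validate_payload(payload)
    if problems:
        raise ValueError("request body rejected before sending: " + "; ".join(problems))
    req_headers = {"Content-Type": "application/json", "Accept": "application/json"}
    req_headers.update(headers or {})
    request = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"), headers=req_headers, method="POST"
    )
    with urllib.request.urlopen(request, timeout=30) as resp:  # network call
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    body = sample_payload()
    print("fields:", len(body), "schema problems:", validate_payload(body) or "none")
```

The local check mirrors the table rather than the server's own validator, so a body that passes here can still be rejected by the service for reasons the page does not document; treat it as a fast pre-flight, not as the authority. Note also that the body carries only yes/no answers and descriptive strings, never cardholder data itself, so nothing in it needs special handling beyond sending it over TLS.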
Response (200 OK):
Returns a JSON object containing the compliance assessment results, including:
- `compliance_status`: Overall compliance status (Compliant, Non-Compliant, Partial)
- `overall_score`: Numeric compliance score (0-100)
- `assessment_date`: Date of assessment
- `organization`: Organization name from request
- `requirement_summary`: Detailed assessment for each of the 12 PCI DSS requirements with status and individual scores
- `recommendations`: List of prioritized remediation recommendations
- `next_steps`: Guidance on follow-up actions
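The per-requirement `requirement_summary` is the part of the response a security team acts on: an overall status of "Partial" says little on its own, whereas the requirements with a non-compliant status or a reduced score are the remediation backlog. The following is an added example, not code from ToolWeb.in or this documentation, that turns a response of the documented shape into a worst-first gap list. The embedded response is constructed for the example: the twelve requirement names are those of the page's sample response, but the statuses, scores, recommendations and next steps are invented so that there are gaps to rank.

```python
"""Added example, not part of the ToolWeb.in API or this documentation.

Turns a /pci-compliance response into a prioritized remediation list: every
requirement whose status is not "Compliant", or whose score falls below a
threshold, ordered worst first.
"""
import json

# Constructed response in the documented shape (statuses and scores invented).
SAMPLE_RESPONSE = json.loads("""
{
  "compliance_status": "Partial",
  "overall_score": 82,
  "assessment_date": "2025-01-20",
  "organization": "TechRetail Inc.",
  "requirement_summary": {
    "requirement_1":  {"name": "Install and maintain firewall configuration",   "status": "Compliant",     "score": 100},
    "requirement_2":  {"name": "Do not use vendor-supplied defaults",            "status": "Compliant",     "score": 100},
    "requirement_3":  {"name": "Protect stored cardholder data",                 "status": "Non-Compliant", "score": 40},
    "requirement_4":  {"name": "Encrypt transmission of cardholder data",        "status": "Compliant",     "score": 100},
    "requirement_5":  {"name": "Protect systems against malware",                "status": "Compliant",     "score": 100},
    "requirement_6":  {"name": "Develop and maintain secure systems",            "status": "Partial",       "score": 85},
    "requirement_7":  {"name": "Implement strong access control measures",       "status": "Compliant",     "score": 95},
    "requirement_8":  {"name": "Identify users and restrict access",             "status": "Compliant",     "score": 100},
    "requirement_9":  {"name": "Restrict physical access to cardholder data",    "status": "Compliant",     "score": 100},
    "requirement_10": {"name": "Track and monitor access to cardholder data",    "status": "Partial",       "score": 70},
    "requirement_11": {"name": "Test security systems regularly",                "status": "Compliant",     "score": 100},
    "requirement_12": {"name": "Maintain information security policy",           "status": "Compliant",     "score": 100}
  },
  "recommendations": [
    "Encrypt stored cardholder data and document key management procedures.",
    "Review logs on a fixed schedule and protect log integrity."
  ],
  "next_steps": "Remediate the open findings and re-run the assessment."
}
""")


def requirement_number(req_id: str) -> int:
    """'requirement_10' -> 10, so ties sort in PCI DSS requirement order."""
    return int(req_id.rsplit("_", 1)[1])


def gap_list(response: dict, threshold: int = 100) -> list:
    """Requirements needing work, worst first: (id, name, status, score).

    A requirement is a gap when its status is anything other than "Compliant"
    or its score is below `threshold` (100 by default, so a "Compliant" 95 is
    still listed; pass a lower threshold to see only the serious gaps).
    """
    gaps = []
    for req_id, detail in response["requirement_summary"].items():
        if detail["status"] != "Compliant" or detail["score"] < threshold:
            gaps.append((req_id, detail["name"], detail["status"], detail["score"]))
    gaps.sort(key=lambda g: (g[3], requirement_number(g[0])))
    return gaps


def needs_remediation(response: dict, threshold: int = 100) -> bool:
    """True unless the overall status is Compliant and no requirement is a gap."""
    return response["compliance_status"] != "Compliant" or bool(gap_list(response, threshold))


def render_report(response: dict, threshold: int = 100) -> str:
    """Plain-text summary: headline, ranked gaps, recommendations, next steps."""
    lines = [
        f"{response['organization']}: {response['compliance_status']} "
        f"(score {response['overall_score']}/100, assessed {response['assessment_date']})"
    ]
    for req_id, name, status, score in gap_list(response, threshold):
        lines.append(f"  [{score:3d}] {req_id} {status}: {name}")
    lines.extend("  - " + rec for rec in response["recommendations"])
    lines.append("Next steps: " + response["next_steps"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(SAMPLE_RESPONSE))
```

Sorting by score first and requirement number second keeps the ordering deterministic when two requirements share a score; the `threshold` argument lets a team separate "fix before the next assessment" (status not Compliant) from "tighten when convenient" (Compliant but below 100).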
Response (422 Validation Error):
Returns validation errors if required fields are missing or invalid:
CODEBLOCK2
Pricing
| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
About
ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
References
- Kong Route: https://api.mkkpro.com/compliance/pci-dss-checker
- API Docs: https://api.mkkpro.com:8038/docs
Overview
The PCI DSS Compliance Checker is a security assessment tool designed to evaluate whether an organization meets the Payment Card Industry Data Security Standard (PCI DSS) requirements. The API accepts detailed information about your payment processing infrastructure, security controls and operational practices, then performs a full compliance analysis across all 12 PCI DSS requirements.
Organizations that handle payment card data, whether through e-commerce platforms, physical point-of-sale systems, mobile payments or third-party processors, must maintain PCI DSS compliance to protect cardholder data and avoid regulatory penalties. The tool streamlines the self-assessment process by analyzing your security posture across network security, access control, encryption, vulnerability management and security policy.
The Compliance Checker suits merchants, payment processors, service providers, security teams and compliance officers who need to understand their PCI DSS compliance status, identify gaps in their security controls and prioritize remediation.
Usage
Sample Request:
```json
{
  "organization_name": "TechRetail Inc.",
  "business_type": "E-commerce Retailer",
  "company_size": "Medium (50-500 employees)",
  "transaction_volume": "1-5 million transactions/year",
  "card_brands": ["Visa", "Mastercard", "American Express"],
  "processing_methods": ["Online", "Mail Order/Telephone"],
  "stores_card_data": true,
  "transmits_card_data": true,
  "processes_card_data": true,
  "ecommerce_website": true,
  "physical_locations_pos": false,
  "mobile_payments": true,
  "third_party_processors": true,
  "cloud_services": true,
  "firewall_installed": true,
  "default_passwords_changed": true,
  "network_segmentation": true,
  "card_data_protected": true,
  "transmission_encrypted": true,
  "cryptographic_keys": true,
  "antivirus_installed": true,
  "secure_systems_development": true,
  "vulnerability_management": true,
  "access_controls_by_role": true,
  "unique_user_ids": true,
  "multifactor_auth": true,
  "physical_access_restricted": true,
  "media_securely_handled": true,
  "access_logged": true,
  "logs_regularly_reviewed": true,
  "log_integrity_protected": true,
  "vulnerability_scans": true,
  "penetration_testing": true,
  "network_monitoring": true,
  "security_policy_maintained": true,
  "security_awareness_program": true,
  "incident_response_plan": true,
  "service_provider_monitoring": true
}
```
Sample Response:
```json
{
  "compliance_status": "Compliant",
  "overall_score": 98,
  "assessment_date": "2025-01-20",
  "organization": "TechRetail Inc.",
  "requirement_summary": {
    "requirement_1": {
      "name": "Install and maintain firewall configuration",
      "status": "Compliant",
      "score": 100
    },
    "requirement_2": {
      "name": "Do not use vendor-supplied defaults",
      "status": "Compliant",
      "score": 100
    },
    "requirement_3": {
      "name": "Protect stored cardholder data",
      "status": "Compliant",
      "score": 100
    },
    "requirement_4": {
      "name": "Encrypt transmission of cardholder data",
      "status": "Compliant",
      "score": 100
    },
    "requirement_5": {
      "name": "Protect systems against malware",
      "status": "Compliant",
      "score": 100
    },
    "requirement_6": {
      "name": "Develop and maintain secure systems",
      "status": "Compliant",
      "score": 100
    },
    "requirement_7": {
      "name": "Implement strong access control measures",
      "status": "Compliant",
      "score": 95
    },
    "requirement_8": {
      "name": "Identify users and restrict access",
      "status": "Compliant",
      "score": 100
    },
    "requirement_9": {
      "name": "Restrict physical access to cardholder data",
      "status": "Compliant",
      "score": 100
    },
    "requirement_10": {
      "name": "Track and monitor access to cardholder data",
      "status": "Compliant",
      "score": 95
    },
    "requirement_11": {
      "name": "Test security systems regularly",
      "status": "Compliant",
      "score": 100
    },
    "requirement_12": {
      "name": "Maintain information security policy",
      "status": "Compliant",
      "score": 100
    }
  },
  "recommendations": [
    "Continue conducting regular vulnerability scans and penetration tests.",
    "Maintain robust service provider monitoring programs.",
    "Schedule quarterly access control audits to ensure least privilege is maintained."
  ],
  "next_steps": "Schedule annual compliance validation assessment."
}
```
Endpoints
POST /pci-compliance
Description: Performs a PCI DSS compliance assessment based on the organization's payment processing environment and security controls.
Method: POST
Path: `/pci-compliance`
Request Body:
The endpoint accepts a JSON object with the following properties:
| Parameter | Type | Required | Description |
|---|---|---|---|
| `organization_name` | string | Yes | Name of the organization undergoing assessment |
| `business_type` | string | Yes | Type of business (e.g., E-commerce Retailer, Payment Processor, Service Provider) |
| `company_size` | string | Yes | Size of the organization (e.g., Small, Medium, Large, Enterprise) |
| `transaction_volume` | string | Yes | Annual transaction volume (e.g., <1M, 1-5M, 5-10M, >10M transactions/year) |
| `card_brands` | array[string] | Yes | List of payment card brands processed (e.g., Visa, Mastercard, American Express, Discover) |
| `processing_methods` | array[string] | Yes | Payment processing methods (e.g., Online, Mail Order/Telephone, In-Person, Mobile) |
| `stores_card_data` | boolean | Yes | Whether the organization stores cardholder data |
| `transmits_card_data` | boolean | Yes | Whether the organization transmits cardholder data |
| `processes_card_data` | boolean | Yes | Whether the organization processes cardholder data |
| `ecommerce_website` | boolean | Yes | Whether the organization operates an e-commerce website |
| `physical_locations_pos` | boolean | Yes | Whether the organization operates physical POS locations |
| `mobile_payments` | boolean | Yes | Whether the organization accepts mobile payments |
| `third_party_processors` | boolean | Yes | Whether the organization uses third-party payment processors |
| `cloud_services` | boolean | Yes | Whether the organization uses cloud services for payment processing |
| `firewall_installed` | boolean | Yes | Whether a firewall is installed and configured |
| `default_passwords_changed` | boolean | Yes | Whether all default passwords have been changed |
| `network_segmentation` | boolean | Yes | Whether the cardholder data environment is segmented from the public network |
| `card_data_protected` | boolean | Yes | Whether stored cardholder data is encrypted |
| `transmission_encrypted` | boolean | Yes | Whether cardholder data transmission is encrypted |
| `cryptographic_keys` | boolean | Yes | Whether cryptographic keys are securely managed |
| `antivirus_installed` | boolean | Yes | Whether antivirus/malware protection is installed |
| `secure_systems_development` | boolean | Yes | Whether secure development practices are followed |
| `vulnerability_management` | boolean | Yes | Whether vulnerability management processes are in place |
| `access_controls_by_role` | boolean | Yes | Whether access controls are based on business need and role |
| `unique_user_ids` | boolean | Yes | Whether all users have unique user IDs |
| `multifactor_auth` | boolean | Yes | Whether multi-factor authentication is implemented |
| `physical_access_restricted` | boolean | Yes | Whether physical access to cardholder data facilities is restricted |
| `media_securely_handled` | boolean | Yes | Whether media containing cardholder data is securely handled |
| `access_logged` | boolean | Yes | Whether access to cardholder data is logged |
| `logs_regularly_reviewed` | boolean | Yes | Whether logs are regularly reviewed |
| `log_integrity_protected` | boolean | Yes | Whether log integrity is protected |
| `vulnerability_scans` | boolean | Yes | Whether regular vulnerability scans are performed |