Ensuring the Security of Information

What is PCI DSS?

Filed under: PCI DSS — InfoSec Guy @ 3:59 pm February 14, 2011

PCI DSS is the Payment Card Industry Data Security Standard. It was first published in 2004 and is now maintained by the PCI Security Standards Council, founded in 2006 by the five major card schemes: Visa, MasterCard, American Express, JCB and Discover. It is a security standard designed specifically to protect cardholder data. Although its general security controls roughly follow ISO27001, the PCI standard differs from the ISO standard in that it gets specific about the particular technologies and practices used to protect that data.

For example, the PCI standard requires that the PAN (Primary Account Number, the card number, usually 16 digits and printed across the middle of the card) be rendered unreadable wherever it is stored, for instance with strong encryption, truncation or tokenisation, and that it be protected with strong cryptography whenever it is transmitted over open, public networks. The ISO standard does not dictate when or where encryption must be used; what it is good for is ensuring that you have sound controls, such as key management and policy, in place for managing encryption should you choose to deploy it.

A second example: the ISO standard does not determine what information you can and cannot store or communicate; it simply gives you a list of controls that will help you do so safely and securely. The PCI standard, on the other hand, prohibits storing certain card data at all after authorisation, even in encrypted form: the full contents of the magnetic stripe (or the equivalent data held on the chip of a chip and PIN card) and the CVV2 security number printed on the signature strip of the card.
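The two examples above translate directly into a practical check: scanning stored data, typically application logs, for PANs that have not been rendered unreadable and for track or CVV2 data that should not be stored at all. The script below is an added example written for this post, not code from the original article or from the PCI SSC. It runs over a constructed set of log lines (the card numbers 4111111111111111 and 5500000000000004 are well-known test numbers, not real accounts), reports what it finds, masks PANs to the first six and last four digits, and removes track data and CVV2 values entirely. The log format, field names and the exact track-data layouts it expects are assumptions for the example; real discovery tooling needs to handle many more encodings.

```python
import re
from dataclasses import dataclass, field

# Constructed sample log lines (not from any real system) showing the kinds of
# cardholder data that leak into application logs. The card numbers are the
# standard test numbers for Visa and MasterCard, not real accounts.
SAMPLE_LOG = """\
2011-02-14 15:59:01 INFO order=1001 card=4111 1111 1111 1111 exp=12/25 amount=19.99
2011-02-14 15:59:02 DEBUG raw_swipe=%B4111111111111111^DOE/JOHN^251210112345?;4111111111111111=251210112345?
2011-02-14 15:59:03 DEBUG auth cvv2=123 pan=5500000000000004 result=approved
2011-02-14 15:59:04 INFO request_id=1234567890123 status=ok
"""

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
# (assumed layouts for this example; real track data varies by issuer)
TRACK1_RE = re.compile(r"%B\d{13,19}\^[^^?]{2,26}\^\d{4}\d*\??")
TRACK2_RE = re.compile(r";?\d{13,19}=\d{4}\d*\??")
# Card verification code written next to a recognisable label.
CVV_RE = re.compile(r"\b(cvv2?|cvc2?|cid)\s*[=:]\s*\d{3,4}", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation; filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """First six and last four digits: the most PCI DSS permits to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_pans(text: str) -> list:
    """Return every Luhn-valid PAN occurrence (digits only) in text, in order."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


@dataclass
class ScanResult:
    pans: list = field(default_factory=list)  # PAN occurrences found in the input
    track_data: int = 0                        # track 1/2 blobs found and removed
    cvv: int = 0                               # labelled CVV2/CVC2/CID values removed
    redacted: str = ""                         # input with PANs masked, prohibited data dropped


def scan(text: str) -> ScanResult:
    """Report cardholder data in text and return a version safe to retain."""
    result = ScanResult()
    result.pans = find_pans(text)

    # Sensitive authentication data may not be stored after authorisation at all,
    # so it is removed rather than masked. Track data goes first because it
    # contains the PAN and would otherwise be only partially masked.
    redacted, n1 = TRACK1_RE.subn("[TRACK DATA REMOVED]", text)
    redacted, n2 = TRACK2_RE.subn("[TRACK DATA REMOVED]", redacted)
    result.track_data = n1 + n2
    redacted, result.cvv = CVV_RE.subn(lambda m: m.group(1) + "=[REMOVED]", redacted)

    # The PAN itself may be retained if rendered unreadable; mask it in place.
    # Digit runs that fail the Luhn check (order IDs, timestamps) are left alone.
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)

    result.redacted = PAN_RE.sub(_mask, redacted)
    return result


if __name__ == "__main__":
    r = scan(SAMPLE_LOG)
    print(f"PAN occurrences: {len(r.pans)} ({len(set(r.pans))} distinct)")
    print(f"track data blobs removed: {r.track_data}, CVV values removed: {r.cvv}")
    print(r.redacted)
```

The 13-digit request ID on the last sample line is deliberately a Luhn-invalid digit run; it shows why a discovery scan should validate the check digit rather than flag every long number, which is what turns an unusable flood of false positives into a reviewable report.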

So, although both ISO27001 and the PCI Data Security Standard are based on best practice, their approaches are different: one gives you a management system and a catalogue of controls to choose from, the other tells you exactly which data you may hold and how it must be protected.