Font Size: 

This paper describes methodology of finding potential risks of bank's noncompliance with Payment Card Industry Data Security Standard (PCI DSS) v2.0 mandatory security requirements. For different types of information assets or security requirements it is necessary to apply different methods of security risk assessment or different standards for specific environment. In this paper, PCI DSS security requirements are explained, Analytic Hierarchy Process (AHP) technique is used as a groundwork to decide which PCI requirements are the most critical and the OCTAVE method is used for formal risk assessment of the most significant PCI requirement in case the requirement is not satisfied. Both, AHP technique and OCTAVE method are applied to a real case scenario in the bank before conducting PCI auditing process.