Payment Card Industry Data Security Standards
PCI security standards are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data.
The Council is responsible for managing the security standards, while compliance is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
The standards apply to all businesses that store, process or transmit cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS.
Each payment card brand has defined specific requirements for compliance validation and reporting, such as provisions for performing self-assessments and when to engage a Qualified Security Assessor.
The Self-Assessment Questionnaire (SAQ) is a validation tool for eligible organisations who self-assess their PCI DSS compliance and who are not required to submit a Report on Compliance (ROC). Different SAQs are available for various business environments.
Monetary penalties may be incurred for failing to meet the standard.