What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.
The PCI Standard is mandated by the card brands and managed by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data in order to reduce credit card fraud.
Compliance validation is conducted annually or quarterly. For organizations dealing with large volumes of transactions, it is performed by an external Qualified Security Assessor (QSA) or by a company-specific Internal Security Assessor (ISA), who creates a Compliance Report. Smaller-volume companies validate by completing a Self-Assessment Questionnaire (SAQ).