PCI Compliance
PCI DSS stands for Payment Card Industry Data Security Standard. It is a worldwide security standard developed by the Payment Card Industry Security Standards Council (PCI SSC).
The PCI security standards are technical and operational requirements that were created to help organizations that process card payments prevent credit card fraud, attacks, and various other security vulnerabilities and threats. The standards apply to all organizations that store, process or transmit cardholder data.
A company processing, storing, or transmitting cardholder data must be PCI DSS compliant. The PCI SSC is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
Non-compliant companies that maintain a relationship with one or more of the card brands, either directly or through an acquirer, risk losing their ability to process credit card payments and being audited and/or fined.
You will need a Qualified Security Assessor (QSA) to assess your security against PCI DSS and help you to verify compliance, manage your risk, protect customer data, avoid punitive measures and, importantly, stay in business. PCI DSS also requires remote security testing of a merchant's internet presence by an Approved Scanning Vendor (ASV). The ASV scans passively probe, via the internet, the hosts that require auditing for PCI compliance.
               
       
