The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard maintained by the Payment Card Industry Security Standards Council (PCI SSC). It is designed to give organizations that process card payments a set of controls for preventing card fraud by tightening internal controls around cardholder data and reducing its exposure to compromise and theft.
We have the Payment Card Industry Data Security Standard expertise you need. The standard applies to every organization that stores, processes, or transmits cardholder data from any card carrying the logo of one of the major card brands, including Visa, MasterCard, American Express and Discover.
Validation of compliance can be performed either internally or by an external assessor (with our assistance where needed), depending on the volume of card transactions the merchant organization handles; regardless of the size of the organization, compliance must be validated annually.
Organizations handling large volumes of transactions (see the chart above) must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while organizations handling smaller volumes may self-certify by completing a Self-Assessment Questionnaire (SAQ). In some regions an SAQ still requires QSA sign-off before it can be submitted.
The current version of the PCI DSS specifies 12 requirements for compliance, organized into six logically related groups, which are called "control objectives."