The Payment Card Industry Data Security Standards (PCI DSS) are a set of 12 regulations developed jointly by Visa, MasterCard, Discover and American Express to prevent consumer data theft and reduce online fraud. Compliance with these standards is mandatory for any organization that stores, transmits or processes credit card transactions. This sweeping requirement means all merchants; service providers and payment card network members must be compliant if they wish to continue accepting payments with those credit card types. To demonstrate compliance, merchants and service providers need to:
(i) have quarterly network scans conducted by a PCI approved scanning vendor
(ii) complete an annual self-assessment questionnaire confirming the implementation of a vulnerability management program.
Merchants conducting over 20,000 transactions per year need to have an annual on-site audit by a Qualified Security Assessor