(June 2017)
PCI-DSS (Payment Card Industry Data Security Standard) is a standard mandated by the credit card brands (Visa, Mastercard, AmEx). It’s designed to reduce fraud.
Compliance must be validated annually. For merchants handling a small number of transactions, validation involves only a self-assessment questionnaire (SAQ). For merchants handling more transactions, an external QSA (qualified security assessor) or a firm-specific ISA (internal security assessor) must perform the validation.
PCI-DSS specifies twelve requirements for compliance, organized into six logically-related groups called “control objectives”.