(June 2017)

PCI-DSS (Payment Card Industry Data Security Standard) is a standard mandated by the credit card brands (Visa, Mastercard, AmEx). It’s designed to reduce faud.

Compliance must be validated annually. For merchants handling a small number of transactions, validation involves only a self-assessment questionnaire (SAQ). For merchants handling more transactions, an external QSA (qualified security assessor) or a firm-specific ISA (internal security assessor) must perform the validation.

PCI-DSS specifies twelve requirements for compliance, organized into six logically-related groups called “control objectives”.