PCI DSS (the Payment Card Industry Data Security Standard) is a security standard maintained by the PCI Security Standards Council, a body founded by the major card brands, and it applies to every organisation that stores, processes, or transmits cardholder data (credit and debit card account data), whether as a merchant or as a service provider acting on a merchant's behalf. The standard defines twelve high-level requirements, each broken down into detailed sub-requirements and testing procedures, covering network security, protection of stored account data, encryption of cardholder data in transit, vulnerability management, access control, logging and monitoring, regular security testing, and information security policies. Its goal is to protect cardholder data from theft and fraud, and its scope is the cardholder data environment (CDE): the systems that handle cardholder data plus any systems connected to or able to affect them, which is why reducing that footprint (for example by tokenising card numbers or outsourcing payment capture) is the usual first step in a compliance programme.
Compliance with PCI DSS is mandatory for any organisation in the payment card ecosystem, although the obligation is contractual rather than statutory: it is enforced by the card brands through the acquiring banks and payment processors with which merchants and service providers hold agreements. Validation requirements scale with transaction volume and risk, ranging from an annual Self-Assessment Questionnaire (SAQ) for smaller merchants to an on-site assessment and Report on Compliance (ROC) by a Qualified Security Assessor (QSA) for the largest merchants, processors, and service providers; quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) are required at most levels. Non-compliance can result in significant fines levied by the card brands through the acquirer, increased transaction fees, and ultimately the revocation of the ability to process card payments, and a breach found to involve a non-compliant environment typically brings additional penalties and forensic investigation costs.