The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle payment card transactions and cardholder data. The standard is designed to reduce fraud and the theft of cardholder data. For firms handling large volumes of transactions, PCI DSS compliance requires an annual assessment, performed by an external Qualified Security Assessor (QSA) or by a firm-specific Internal Security Assessor (ISA), that produces a Report on Compliance (ROC). For companies handling smaller volumes of transactions, completing a Self-Assessment Questionnaire (SAQ) demonstrates compliance.
PCI DSS encompasses hundreds of detailed technical requirements, which makes achieving and maintaining compliance difficult. Defining the scope of the compliance assessment is critical at the outset. Changes to system architecture or the introduction of new technologies can further complicate matters. With an expert partner to guide their compliance efforts and help them stay ahead of emerging threats in the rapidly changing payments industry, firms can ensure they remain PCI DSS compliant and are positioned to manage and mitigate future risk effectively.