About the PCI Security Standards

The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security, and to facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements that are designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing. This includes merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data. PCI DSS comprises a minimum set of requirements for protecting cardholder data, and may be enhanced by additional controls and practices to further mitigate risks. The twelve requirements and subrequirements for PCI DSS compliance apply to all system components around technology and security, particularly that of the protection of cardholder data.