Payment Card Industry Data Security Standard (PCI DSS) compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information.
PCI DSS compliance is required by all card brands.
The Payment Card Industry Security Standards Council (PCI SSC) develops and manages the PCI standards and associated education and awareness efforts. The PCI SSC is an open global forum, with the five founding credit card companies -- American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. -- responsible for carrying out the organization's work.
There are 12 main requirements in six overarching goals for PCI DSS compliance. According to the PCI SSC, a vendor must complete the following tasks as part of its PCI compliance checklist:
Goal 1. Build and maintain a secure network.
Goal 2: Protect cardholder data.
Goal 3: Maintain a vulnerability management program.
Goal 4: Implement strong access control measures.
Goal 5: Regularly monitor and test networks.
Goal 6: Maintain an information security policy.