The Payment Card Industry (PCI) Security Standards Council (an organization formed by the card brands) created the PCI Data Security Standard (DSS) to ensure that businesses follow best practices for protecting their customers’ credit card information.
Businesses fitting one or more of the following criteria are subject to the PCI DSS requirements:
- A business that accepts credit or debit cards for payment, even if using a third-party vendor’s hardware, software or application to do so;
- A service provider that stores credit/debit card data on behalf of another business; and/or
- A hosting provider or other service provider that processes or transmits credit/debit card data on behalf of another business.