The Payment Card Industry Data Security Standard (PCI DSS) was established by Visa, MasterCard and others to protect cardholder payment data. Any business that accepts or processes payment cards must comply with the PCI DSS. It is a security best-practices approach that addresses six major security goals, such as “Build and Maintain a Secure Network” or “Maintain an Information Security Policy”, through 12 requirements.
Compliance with PCI DSS has to be audited by an independent assessor on a yearly basis. Additionally, a quarterly security scan by an independent Approved Scanning Vendor has to be carried out over the Internet to help identify vulnerabilities and misconfigurations of web sites, applications and IT infrastructure connected to or reachable over the Internet.