Who needs to comply with PCI DSS?
The goal of the PCI Data Security Standard (PCI DSS) is to protect cardholder data (CHD) and sensitive authentication data (SAD) wherever it is processed, stored or transmitted. Maintaining payment security is required for all organizations that store, process or transmit cardholder data.
The PCI Security Standards include technical and operational requirements for:
- Organizations accepting or processing payment transactions
- Software developers and manufacturers of applications and devices used in those transactions
PCI DSS 3.2.1, released in May 2018, is the current version that covered organizations must adhere to.
Compliance is validated annually or quarterly, by a method suited to the organization’s merchant level, which is determined by the annual volume of credit card transactions it handles.