What is PCI and how does it apply to my organization?
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect payment account data. PCI DSS applies to all entities involved in payment card processing — including, but not limited to, merchants, processors, acquirers, issuers, and service providers. In short, PCI DSS applies to all entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Most small organizations are eligible to fill out Self-Assessment Questionnaires (SAQs). These SAQs and other relevant documents can be found in the official PCI Document Library.