The PCI DSS (Payment Card Industry Data Security Standard) is administered by the PCI SSC (Security Standards Council) to decrease payment card fraud across the Internet and increase payment card data security. Organisations that accept, store, transmit or process cardholder data must comply with the PCI DSS.

PCI DSS applies for Murchants as well if have subcontracted all PCI DSS activities to a third party, they must ensure all contracted parties comply with standards. PCI DSS is also applies to Services Providers and Software Developers if they transmit or store cardholder data, or their activities affect the security of card holder as it is being processed, transmitted and stored.