The PCI Standard is a mandatory global standard established by the Card Associations to ensure the protection of cardholder data. Based on twelve guidelines, the PCI Standard requires merchants to secure their physical and virtual environments so that cardholder data is protected. As a merchant accepting credit cards as a form of payment, you are required by the Card Associations to adhere to the PCI Standard. The PCI Standard encompasses the security programs from Visa and MasterCard, CISP and SDP, respectively.
The PCI Standard sets technology requirements such as the use of data encryption, end-user access control, and activity monitoring and logging. It also includes procedural mandates, such as the need to implement formal and documented security policies and vulnerability-management programs. Compliance with the standard applies to all types of merchants: retail, mail order/telephone order (MO/TO), and Internet. All merchants need to follow best practices for storage and destruction of all paper or electronic records containing account numbers or cardholder data. Additionally, merchant service providers processing credit cards need to be PCI compliant.

