The standard was created to better control cardholder data and reduce credit card fraud.
Systems considered within the scope of this standard are those that interact with, contain, or affect cardholder data. These systems should be evaluated for their compliance with PCI DSS. The appropriate level of protection is determined by analyzing the flow of cardholder data within an organization.
Any merchant who receives card payments must reassess PCI scope at least annually. As part of the scoping review, all cardholder data flows must be redefined, along with any systems that are linked to the cardholder environment or which could potentially compromise it.
PCI Security Standards Council
PCI DSS and related security standards are administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. on September 7, 2006, in order to manage the ongoing evolution of the PCI DSS.
The Council is responsible for managing the security standards, while the Council's founding members, which are the card brands, enforce the PCI standards that govern them.