The Payment Card Industry Data Security Standard (PCI DSS) is a set of Information Security Standards formed in 2004 by major credit card companies including Visa, MasterCard, Discover Financial Services, JCB International, and American Express. Governed by the Payment Card Industry Security Standards Council (PCI SSC), the Standard aims to secure the process of credit card and debit card transactions against theft/fraud. Although, the set Standard is not a legal obligation, but is a requirement to safeguard cardholder data and Debit/Credit card transactions. So, all organizations that accept and process Debit/Credit card payments are expected to undertake an annual PCI DSS Audit. This would typically include an audit of security controls and processes, covering data security such as retention, encryption, physical security, authentication, and access management.
