PCI Standard - Payment Card Industry Data Security Standard

The Payment Card Industry (PCI) Data Security Standard resulted from a collaboration between Visa and MasterCard to create common industry security requirements. Other card companies operating in the U.S. have also endorsed the Standard within their respective programs

The benefit to aligning all these programs under a single standard is to create a commonly accepted set of industry measurements and tools. The result of which is a single validation process that will satisfy all the card associations. The intention of having a single set of standards to validate against makes it less complex for the merchant.

All entities that accept credit or debit card payment, collect, process or store credit card transaction information, regardless of their transaction volume, were required to meet the PCI standard by June 30, 2005. Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs.

All Acquiring Banks (merchant banks) were also required to have received certified proof of PCI compliance from merchants with more than 20,000 transactions per year by June 30, 2005. This does not mean that only merchants with more than 20,000 transactions per year are required to meet the PCI standard. Acquiring Banks are required to have documented proof of compliance from these merchants, or be liable to fines themselves. Many banks are already requiring all merchants, regardless of transaction volume, to produce this Certification of PCI Compliance.

Reference:http://www.pcistandard.com