<Tr> <Td> </Td> <Td> This article needs additional citations for verification . Please help improve this article by adding citations to reliable sources . Unsourced material may be challenged and removed . (October 2017) (Learn how and when to remove this template message) </Td> </Tr> <P> The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes . </P> <P> The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council . The standard was created to increase controls around cardholder data to reduce credit card fraud . Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) or by a firm specific Internal Security Assessor that creates a Report on Compliance for organizations handling large volumes of transactions, or by Self - Assessment Questionnaire (SAQ) for companies handling smaller volumes . </P> <P> Five different programs: Visa's Cardholder Information Security Program, MasterCard's Site Data Protection, American Express's Data Security Operating Policy, Discover's Information Security and Compliance, and the JCB's Data Security Program were started by card companies . The intentions of each were roughly similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data . </P>

Who is responsible for ensuring merchant compliance with pci dss