The Payment Card Industry Data Security Standard (PCI) is a standard based on the Visa Account Information Security program (AIS, and its sister program CISP), the MasterCard Site Data Protection program (SDP), the American Express Security Operating Policy (DSOP), Discover Information Security and Compliance (DISC), and the JCB security standards. Therefore PCI is far more stringent than any of the above and is a requirement for all businesses involved in the handling of credit card information, not just payment gateways and the like. These guidelines have been brought in to secure card payments across industry and cover any method of acceptance of a card transaction, whether customer present or not present, Internet or chip and PIN. Failure to comply can result in fines, restrictions imposed by the card brand, or the merchant or service provider being prohibited from accepting the card. Beyond compliance, real business risks to brand, customer loyalty and company valuation exist if payment data is not securely managed. In short, these guidelines have focussed merchants and system providers on the security of their systems when it comes to the acceptance of card data and how it is stored and used. The PCI Data Security Standard consists of a set of basic requirements supported by more detailed sub-requirements: