The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard used to handle credit cards from major card brands. The standard is administered by the Payment Card Industry Security Standards Council and its use is mandated by the card brands. The standard was created to better control cardholder data and reduce credit card fraud.
Validation of compliance is performed annually or quarterly,[better source needed] by a method suited to the volume of transactions handled:
- Self-Assessment Questionnaire (SAQ)
- Firm-specific Internal Security Assessor (ISA)
- External Qualified Security Assessor (QSA)