Payment Card Industry (PCI) compliance is a set of standards developed by a group called the PCI Council to help ensure that any business choosing to accept credit cards as a form of payment for its goods or services appropriately protects its customers' payment card information from theft or malicious use. Although the PCI Council, organized by the major card brands, including VISA, MasterCard, Discover, American Express, and JCB, is the governing body that issues these standards, they are enforced through the card brands themselves. These standards consist of practices designed to help merchants of all sizes manage the looming threat of a data breach and the frustration and potential fines that follow.
For many small to mid-sized businesses, a data breach can end up being fatal.
Although these standards are written with the intent of being understandable to all merchants, the level of technical complexity involved in complying is simply not comprehensible to the majority of small to mid-sized merchants, whose primary focus is running their business. PCI compliance is widely viewed by these merchants as a frustrating nuisance, with many parts seeming to be written in a foreign language.