If your business stores, processes, or transmits data from payment cards, then you are subject to the requirements of the PCI DSS. This set of security controls is designed to help merchants combat data theft, protecting both consumers and merchants’ own reputations. When a business fails to satisfy those rules, they can be subject to significant financial penalties. But who exactly is in charge of enforcing PCI?
This is a point of confusion for many merchants. The answer explains a great deal about how PCI actually works.