PCI stands for Payment Card Industry. ThePCI Security Standards Council (PCI SSC) , is an independent body that was created by the major payment card brands (Visa, MasterCard, American Express). It manages and administers the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards designed to ensure that ALL merchants who process, store or transmit payment card information maintain a secure environment. However, it is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI SSC.

The PCI DSS applies to all merchants who accept, transmit or store any cardholder data regardless of size or number of transactions.

The current documents can be found on the PCI SSC website.

Yes. Just by using a third-party service provider it does not exclude a merchant from PCI DSS compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore the PCI DSS.

Each business unit belonging to the Commerce Group will be contacted by Financial Services to begin the annual SAQ process.
The Manager, Commerce & Receivables will oversee the Business Unit portion for PCI compliance.