The PCI council developed the Payment Card Industry Data Security Standard. The standard helps organizations that process credit card transactions prevent credit card fraud through increased controls over the data. It applies to all organizations that hold, process or transmit cardholder data.
To be in compliance, a merchant must have annual compliance reviews. Reviews can be done internally or externally, depending on the volume of credit card transactions. Larger-volume merchants will have an independent assessor or a Qualified Security Assessor do the review. Smaller ones can use the Self-Assessment Questionnaire.
There are ways to remove or lower your PCI compliance level:
- Accept eCheck only
- Use tokenization instead of credit card numbers
- Use your provider's web payment page