The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.
The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.
Validation of compliance is performed annually or quarterly,[better source needed] by a method suited to the volume of transactions handled:
Self-Assessment Questionnaire (SAQ) — smaller volumes
external Qualified Security Assessor (QSA) — moderate volumes; involves an Attestation on Compliance (AOC)
firm-specific Internal Security Assessor (ISA) — larger volumes; involves issuing a Report on Compliance (ROC)