Compliance and Verification

PCI DSS

Glossary Updated 5 Jul 2026

PCI DSS, the Payment Card Industry Data Security Standard, is the security standard that every business which stores, processes or transmits card data must meet; it is maintained by the card networks' joint council. Requirements scale with transaction volume through compliance levels, from self-assessment questionnaires for smaller merchants to annual on-site audits at the top level.

Why it matters

For most merchants the practical strategy is scope reduction: using hosted payment fields or tokenization so that card data never touches your systems, which shrinks the compliance burden dramatically. The stakes for getting it wrong are concrete rather than theoretical: breach costs and fines flow through the acquirer, non-compliant merchants pay monthly penalties, and a compromise that traces back to your systems is one of the MATCH list reason codes (code 12), though it is also the code with a documented path to early removal after remediation. High-risk merchants, who already pay for elevated scrutiny, should treat PCI scope reduction as one of the few compliance costs that goes down over time.