Why there’s a need for PCI DSS

The PCI DSS was developed to limit credit card fraud. PCI Compliance, however, is more about security than compliance. Its objective is to confirm that security standards are met when processing customer payments and when managing customer data.
PCI Compliance is verified annually by a QSA (Qualified Security Assessor), who creates a ROC (Report on Compliance). This is generally for companies handling millions of transactions; companies with lower volume are only required to fill in a Self-Assessment Questionnaire (SAQ) as the means of reporting PCI Compliance.