Think of the Payment Card Industry Data Security Standard (PCI DSS) as an umbrella that covers any entity that stores, processes, or transmits cardholder data, and that even extends to service providers with the ability to affect the security of the cardholder data environment.
PCI compliance is a requirement for any entity that meets the description above, and it also supports business continuity. On your journey toward compliance, it is important to remember that there is a difference between PCI DSS compliance and PCI DSS compliance validation. Complying with the PCI DSS is not a feat that can be conquered overnight; it is an IT project.
PCI Compliant graphic borrowed from Nettitude (credit https://www.nettitude.com/a-guide-to-starting-the-pci-dss-process/)