Payment Card Industry Data Security Standards (PCI DSS) compliance means many different things to many people. And after all, it should, based on the complexities of truly understanding what the phrase “PCI Compliance” or being “PCI compliant” really means.
For an ounce of clarity, remember this. All merchants that fall into Level 1 of the transaction volume parameters for PCI will have to undertake an on-site PCI DSS assessment by a Qualified Security Assessor; somebody who has gone through the training and certification process by the Payment Card Industry Security Standards Council (PCI SSC).
“Most” other levels (and i stress most, because there are exceptions) can conduct their own self-assessment for PCI compliance. The world “self” is misleading because most organizations trying to comply will need assistance from a PCI QSA.
To learn more about PCI DSS, visit pciassessment.org.