Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
A PCI compliance audit is a routine audit required of merchants that process credit card transactions to make sure that they are compliant with the Payment Card Industry Data Security Standard (PCI DSS) set up by various credit card companies. Merchants may undergo regular PCI compliance audits, or an alleged violation can trigger a particular audit.
PCI compliance audits are done by qualified security assessors. These professionals look at point-of-sale systems and other parts of a business IT architecture to determine whether internal operations meet the standard for cardholder information security. Assessors give companies a risk assessment that shows them where they stand in terms of PCI compliance.
As with certain kinds of educational tests, there are many things that merchants can do to prepare for PCI compliance audits. They can, for example, use tools like a pre-audit assessment or checklist to make sure they are on track to full compliance with the PCI standard. Other recommendations involve centralization of data and good organizational processes on site, as well as full cooperation with assessors and other officials. The penalties for failing a PCI compliance audit are related to costs or contingencies that may be put in place by the credit card companies, on which merchants are generally dependent for revenue.