PCI Compliance Audit

What Does PCI Compliance Audit Mean?

A PCI compliance audit is a routine audit required of merchants that process credit card transactions to make sure that they are compliant with the Payment Card Industry Data Security Standard (PCI DSS) set up by various credit card companies. Merchants may undergo regular PCI compliance audits, or an alleged violation can trigger a particular audit.


Techopedia Explains PCI Compliance Audit

PCI compliance audits are done by qualified security assessors. These professionals look at point-of-sale systems and other parts of a business's IT architecture to determine whether internal operations meet the standard for cardholder information security. Assessors give companies a risk assessment that shows them where they stand in terms of PCI compliance.

As with certain kinds of educational tests, there are many things that merchants can do to prepare for PCI compliance audits. They can, for example, use tools like a pre-audit assessment or checklist to make sure they are on track to full compliance with the PCI standard. Other recommendations involve centralization of data and good organizational processes on site, as well as full cooperation with assessors and other officials. The penalties for failing a PCI compliance audit are related to costs or contingencies that may be put in place by the credit card companies, on which merchants are generally dependent for revenue.



Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other's highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…