The PCI DSS is a minimum set of technical and organizational requirements designed to help businesses protect customers’ cardholder data against fraud through robust payment security. All organizations that accept or process credit card payments are required to undertake an annual PCI DSS audit of security controls and processes, covering areas of data security such as retention, encryption, physical security, authentication and access management.

Independent and qualified experts (auditors) apply the following auditing techniques:

Document review:

Evaluation of the organization’s requirements and/or documentation to ensure the systematic control of all processes relevant for the handling and management of payment card information.


Interviews:

Verification, through on-site interviews at the customer's premises, that the above requirements are effectively implemented in practice.

Technical testing:

Assessment of the configuration of the relevant system, with appropriate random tests performed if necessary.