PCI compliance is required of all merchants and service providers that store, process, or transmit cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. To achieve compliance with PCI, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands. This Standard is a result of collaboration between American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International and is designed to create common industry security requirements, incorporating the PCI requirements. Other card companies operating in the U.S. have also endorsed the PCI Data Security Standard within their respective programs. See the standard here.