What: Any company that accepts, processes, stores or transmits credit card information is required to comply with the Payment Card Industry (PCI) standards. These are a set of standards designed for you to maintain a secure payment processing environment.
Who: Any business that accepts, transmits, or stores cardholder data. In other words if you accept credit/debit cards as a form of payment, then PCI compliance applies to you.