The Payment Card Industry Security Standards Council (PCI SSC) develops and maintains the Data Security Standard (DSS) to improve the protection of payment account data. The retailer was not completely aware of the level of charges for different types of transaction and the precise contractual obligations and risks (e.g. for fraudulent transactions) they had adopted. The effort to make the existing system PCI DSS compliant was found to be one or two orders of magnitude greater than moving the payments to a third-party's PCI DSS compliant system. By moving cardholder data out of the retailer's environment and to a third-party, the future risks to cardholder data, and the resulting potential extra costs, fines, increased transaction charges and loss of trust by consumers, will be reduced.