PCI DSS (Payment Card Industry Data Security Standard) is the security standard applied to any organization that stores, processes, or transmits credit card data. The standard is maintained by the PCI Security Standards Council (founded by Visa, Mastercard, American Express, Discover, and JCB).
Most customer portals avoid PCI scope by integrating with payment processors like Stripe, Adyen, or Braintree that handle card data and shield the portal from most PCI requirements. This is the recommended pattern — taking on PCI scope yourself is operationally expensive and rarely justified.