A company is seen to comply with the PCI DSS when it fulfils all of its applicable requirements. Although there is no legal obligation to comply with the PCI DSS, all the companies that store, process or transfer credit card data must respect it. Once a year, they must officially show that they comply with the PCI DSS. A PCI DSS certificate is then granted, valid for one year. This requirement stems from banking institutions and is initially monitored through the obligation of commercial banks and credit card processing entities to comply. These are service providers acting as intermediaries between commercial banks (purchaser) and the banks that issue cards for end users (issuers). As such, they manage the credit card transactions.