Outside auditors, not internal ones, should validate whether midsize-to-large merchants are in compliance with the data storage protection standards of MasterCard, Visa, American Express, and Discover according to Forrester, writes Internet Retailer. June 30 was the deadline for complying with the combined standards—the Payment Card Industry Data Security Standard, or PCI—which outline the steps that online merchants must take to protect customers' confidential data, including credit card numbers. "We just don't think that internal staff would have the necessary knowledge to identify…security flaws," says a Forrester analyst.