Explain that the Payment Card Industry (PCI) Security Standards Council offers a standard of performance to which participating organizations must comply. Point out that it is not a law, but is a standard designed to enhance the security of customers’ account data.
Review the six areas that the PCI DSS addresses with respect to security policies, procedures, and management, as well as technical software and networking specifications.
Build and maintain a secure network and systems
Protect cardholder data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy