The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The PCI DSS was created by global credit card companies MasterCard and Visa, and has been adopted by other major payment card service providers. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands. The PCI Standard aims to reduce the volume of payment card fraud by preventing direct theft or misuse of cardholder account data, and also to reduce the broader problem of identity theft. The following control objectives must be in place to ensure that PCI DSS requirements are being met through a proven process:
- Build and Maintain a Secure Network
- Protect Cardholder Data with encryption
- Implement a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy

The PCI standard is a contractual obligation that consists of a set of 12 rules for the secure handling of credit card information.
For more information: https://www.pcisecuritystandards.org


