PCI data refers to payment card industry data. The Payment Card Industry Data Security Standard (PCI DSS) is administered by the PCI Security Standards Council, whose aim is to secure cardholder data and prevent fraud. Any organization that handles a significant amount of credit card data must file a Report on Compliance. The PCI Security Standards Council's official publication imposes 12 requirements:
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need to know
Requirement 8: Identify and authenticate access to system components
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security for all personnel