Any merchant that accepts credit or debit card payments is likely familiar with the Payment Card Industry Data Security Standard. Managed by the PCI Security Standards Council (of which all the major U.S. card issuers are members), PCI DSS sets forth requirements for how card-based transactions are processed.
It mandates, among other requirements, the creation and testing of a secure network. Many of its stipulations – such as avoiding vendor defaults for passwords and encrypting cardholder data when it passes over public networks like the Internet – also double as good general cyber security advice.
