D1 · General

What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is the payment card industry security standard protecting cardholder data. Key requirements: firewalls, no default credentials, protect stored data, encrypt transmission, antivirus, secure systems, access control, monitor, test, security policy.
PCI DSS has 12 requirements. Applies to any organization storing, processing, or transmitting cardholder data. Non-compliance = losing ability to accept card payments + fines. Tokenization removes data from PCI scope. Annual assessment by QSA (Qualified Security Assessor) for large merchants.