Security standard, established by the major credit card companies, that requires organizations handling cardholder data to maintain secure environments and protect payment information.
PCI DSS requirements directly address insider risk through access controls (Requirement 7), unique user IDs (Requirement 8), and activity monitoring (Requirement 10). Requirement 12 mandates security awareness training for all personnel. Insider threats to cardholder data environments can result in significant fines, forensic investigation costs, and loss of payment processing capabilities. Level 1 merchants face fines up to $100,000 per month for non-compliance.