The Payment Card Industry Security Standards Council Data Security Standards (PCI) are a collection of security-related software, hardware and process standards designed to improve the security of credit card information at every step of a transaction. Online vendors who wish to make use of credit cards must conform to the appropriate standards and pass periodic audits by independent auditors approved by the PCI organization.
From the perspective of a vendor using credit cards to conduct business online, these standards define many aspects of how the credit card information is communicated, stored, and processed. This includes encryption methods, networking requirements, storage requirements, engineering development and testing processes, engineering maintenance processes, password security and even standards regarding physical access to the hardware (computer servers, computer storage, networking components, etc.) involved in storing and transacting credit cards.
For more information: