Payment Card Industry Data Security Standard (PCI-DSS) – Technically not a law. Created by the
payment card industry. The standard applies to cardholder data for both credit and debit cards.
Requires merchants and others to meet a minimum set of security requirements. Mandates security
policy, devices, control techniques, and monitoring.