"The security of customer payment data is not just a payment brand issue but is the responsibility of all businesses that participate in the payment process. All merchants and service providers that store, process and transmit payment card data are required by the payment brands to comply with the PCI Data Security Standard - their customers expect it and their reputations depend on it." (PCI Security Standards Council)
The PCI DSS is demonstrably becoming a de facto standard of due care for any organization responsible for the privacy and integrity of data. As a result of the recent high-profile data breaches, the PCI DSS has increased the focus on application security, because insecure applications have proved to be both the point of access for hackers and the source of data loss.