The PCI DSS standard (Payment Card Industry Data Security Standard) is a private initiative enforced by Visa, Mastercard, American Express, and Discover.
PCI requires stringent security on all networks and connected devices that handle, store, or transmit electronic payment information. Penalties are typically governed by credit card agreements – and they can be exceedingly harsh.
In February 2015, the US Congressional Research Service published a thoughtful and comprehensive paper on the subject, which is available at:
This paper includes a discussion of the Target and JP Morgan breaches, among others.
A slightly different perspective is contained in this paper: http://www.darkreading.com/risk/compliance/target-pci-auditor-trustwave-sued-by-banks/d/d-id/1127936f
Like HIPAA in the medical field, PCI is really a collection of best practices, but 90% of PCI compliance relates to maintaining a fully secure network environment.
We can secure your network and help train your people to greatly reduce or eliminate your PCI exposure.