The goal of the Payment Card Industry Data Security Standard (PCI) is to protect cardholder information from abuse. While the standard does not make any technology recommendations, its requirements line up with best practices for how payment card information should be handled, communicated, and stored in order to sufficiently secure it.
Most people find that there are a number of solutions, appliances, and tools available to protect cardholder information as it is sent over data lines and stored on a database server. Attackers who are seeking to steal this information are well aware that these two areas are well-protected, so they go after the one source that is more susceptible to a breach – the user and their accounts.
In order to make sure that you are protecting how the payment card information your business collects is properly secured, you need to make identity management a foundation of your PCI compliance program.