Payment card industry (PCI) standard, or PCI DSS, is one of the best things to happen to the security of consumer data. Each of the 12 main requirements and corresponding specifics are extremely pragmatic and can be classified as information security 101. The primary purpose of PCI is to force organizations to embrace common security controls. Compliance with the standard brings real benefits; its far less costly to prevent attacks than it is to clean up after a breach. But surprisingly, there seems to be a cabal that has made it its duty to attack PCI rather than embrace it.”]
Source: https://www.csoonline.com/article/2121734/pci-is-security-simplicity–not-complexity.html