ArticleBiz.com :: Free article content

Information Security And Secure Business Practices
By: Andy Eliason

  

The PCI DSS stresses the importance of information security in the modern age of high-speed transactions and technologically advanced criminals. If someone were to appropriate a customer's sensitive information illegally, they could do serious harm to that customer – and in the end, damage to your business as well.

Information security is a key component of many requirements of the PCI DSS. Customers now expect a certain level of security before they will trust you with their information. As more and more security breaches come to public notice, customers will become more wary, and more savvy about how they guard their important information. If they can't trust a merchant to guard their data, they will do it themselves, and that will most likely happen in the form of just not giving it out. And that's not good for any business.

Major principles of information security consist of maintaining confidentiality and integrity. Confidentiality implies that if a consumer entrusts sensitive data to you, you must do everything possible to protect it. This means that disclosure is not an option. For many transactions, personal information must be used. As a merchant, you must not allow unauthorized disclosure, whether accidental or on purpose.

The integrity of a system refers to business practices that do not allow any unauthorized personnel to create, modify, or delete any sensitive data. A loss of integrity can occur through various means, including malicious criminal activity, accidents caused by improper precautions, and viruses or other malware.

The PCI DSS (Payment Card Industry Data Security Standard) was created to help merchants achieve a sufficient level of information security and secure business practices. Any company that stores, transmits, or processes credit card information is required to become compliant or risk a range of fines and penalties.

There are 12 requirements in the PCI DSS, and each of them contributes to the integrity of your information security system.

You begin by installing a firewall to control the traffic that can get into your system. You must also be sure to change any vendor-supplied passwords that may have come as defaults on your system.

Next comes the protection of cardholder data. Information security can depend on strong encryption. This includes encryption on data stored on your system as well as data that is in transit.

Then, to guard against viruses and other invasive programs, you need to make sure you have updated anti-virus software, and you need to employ and maintain secure systems and applications.

Access to this critical data must also be strictly controlled. This means only people with a business need-to-know should have access, and each person who does have access must have a unique ID assigned to them. Physical access must also be restricted so criminals can't walk out with hard copies or hardware.

Tracking and logging procedures should also be implemented. This way, should your information security happen to be breached, you can discover how it was done, and set in motion the proper procedures to rectify the problem. And all these procedures also need to be regularly tested and updated.

Once these practices are in place, you are almost PCI compliant. You still have to maintain a policy that addresses information security. In other words, to maintain the integrity and confidentiality of personal information, you need to settle on the right practices and make sure that everyone in the company knows and understands their own responsibilities in preserving information security.

Andy Eliason is a writer for Main10, Inc. If you'd like to learn more about employing proper information security measures, or PCI compliance, visit Braintree Payment Solutions today.

Article Source: http://www.ArticleBiz.com


Copyright © 2008 by ArticleBiz.com. All rights reserved.
