Assign a unique ID to each person with computer access.

Restrict access to cardholder data to on a need-to-know basis.

Encrypt transmission of cardholder data across open or public networks.

Each location must require validating PCI compliance if business has multiple locations.

Protect stored cardholder data.