The PCI Data Security Standard (DSS) is considered a must, and is a minimum security requirement for organizations that deal with credit card information or online payment practices. There are 12 security requirements, plus two additional requirements, for the shared hosting providers and TLS:

• Requirement 1: Install and maintain a firewall configuration to protect the cardholder data
• Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
• Requirement 3: Protect stored cardholder data
• Requirement 4: Encrypt transmission of cardholder data across open, public networks
• Requirement 5: Use and regularly update antivirus software or programs
• Requirement 6: Develop and maintain secure ...