One in two merchants in Australia is not aware of their obligations to protect their customers' personal financial information. The Payment Card Industry Data Security Standard (PCI-DSS) is a global standard governed by the major credit card companies. PCI-DSS requirements apply to any organisation accepting credit card payments, but also provide a valuable framework for any organisation to protect data and reduce fraud. This session will detail the protective measures specified by PCI-DSS and illustrate how these measures can be implemented using application firewall technologies.