The Payment Card Industry Data Security Standard (PCI DSS) is a self-regulated industry standard set by credit card merchants such as MasterCard and Visa for securing credit card information. Companies that suffer a breach and are found to be non-compliant are heavily penalized and, in extreme cases, even barred from working with certain payment card brands. The latest released PCI DSS regulation (v3) provides best practices and methodologies for complying with PCI on an ongoing basis. As a mandate, PCI covers various layers of protection and lists 12 requirements that companies need to comply with, each of which is detailed and prescriptive.

How can you implement PCI DSS requirements during your in-house secure application development process? In this article, we look at the relevant application security requirements (and subrequirements), the issues to consider during development, and how Checkmarx addresses the relevant compliance requirements.