Web and database security present some of the most complex and costly barriers to compliance with the Payment Card Industry Data Security Standard (PCI DSS). Issues like secure Web application software development, database encryption, and database transaction auditing in high performance production environments cannot be addressed by simply adjusting system configurations or documenting policy for an existing process. These issues have architectural and human resource implications that significantly impact IT budgets.