Compliance with PCI DSS is a contractual obligation.
• Explain how this differs from a regulatory obligation.
• Which takes precedence—a regulatory requirement or a contractual obligation? Explain your answer.
• Who enforces PCI compliance? How is it enforced?