Introducing students to industry standards supports one of the basic aspects of constructivism in that using standards in the classroom provides real world and authentic information from which students can develop, or construct, knowledge. Since students come to the classroom with some familiarity with data security, use of the PCI DSS requirements in classroom activities provides the means by which students can explore new information that both challenges and enhances their preexisting concepts of security. The challenges students face in ranking the difficulty of PCI DSS compliance for business represents a challenge that is also experienced by business owners. Before information systems students are able to help businesses manage risks associated with accepting credit cards, it is important to first educate them about the PCI DSS requirements. Using the constructivist approach, the first step is to understand where students are before creating activities to take them further. This paper presents a study that examines students' perceptions of the PCI DSS requirements. Specifically, the data illustrates the desire to know what students thought about the difficulties business face when complying with the 12 requirements in the PCI DSS in order to allow students to explore the complexities of data security.