Which regulation is recognized as the global security standard for entities handling cardholder data?


The correct answer is PCI, which refers to the Payment Card Industry Data Security Standard (PCI DSS). This set of security standards is designed specifically to ensure that all organizations that accept, process, store, or transmit credit card information maintain a secure environment.

PCI DSS addresses various aspects of security, such as building and maintaining a secure network, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy. Given the sensitive nature of cardholder data, adhering to PCI is crucial for minimizing risks related to data breaches and fraud that can affect not only businesses but also consumers.

Other options are relevant in the context of data protection but do not specifically focus on cardholder data. For example, GDPR relates to data protection and privacy in the European Union, HIPAA deals with healthcare data privacy in the United States, and ISO 27001 is a standard for information security management systems (ISMS) but does not target the payment card industry specifically. Thus, the PCI standard stands out as the global benchmark for security in the handling of cardholder data, making it the correct choice.
