[PCI DSS 3.0] 10.2.1 All individual user accesses to cardholder data

10.2.1 All individual user accesses to cardholder data

10.2.1 Verify all individual access to cardholder data is logged.

Malicious individuals could obtain knowledge of a user account with access to systems in the CDE, or they could create a new, unauthorized account in order to access cardholder data. A record of all individual accesses to cardholder data can identify which accounts may have been compromised or misused.