What is required for ensuring security on public-facing websites according to PCI DSS?

For ensuring security on public-facing websites according to PCI DSS, the implementation of secure code development practices and web application security controls is critical. This is because public-facing websites often handle sensitive information, including payment card data, which must be protected from various threats such as unauthorized access, data breaches, and code vulnerabilities.

Secure code development practices involve creating applications in a way that prioritizes security from the outset, helping to mitigate vulnerabilities before the website goes live. This means following programming best practices, regularly testing for security flaws, and employing measures like input validation, output encoding, and error handling to prevent security incidents.

Web application security controls further strengthen the website's security posture. These controls can include the use of firewalls, intrusion detection systems, and encryption protocols to ensure data integrity and confidentiality. By integrating these practices and controls, organizations help to safeguard not only their own data but also that of their customers, which is a fundamental requirement outlined in PCI DSS.

The other options, while they may contribute to a positive user experience or customer engagement, do not directly address the security requirements that are vital for protecting data and ensuring compliance with PCI DSS. Regular updates to webpage design, use of social media, and customer feedback surveys do not focus on the technical security measures