SmallBizTechnology.com reports that if you accept credit card data you must comply with the credit card companies' guidelines. This is referred to as Payment Card Industry (PCI) compliance. You can find a lot of information at the PCI Security Standards Council web site.
Of course, one option is to not store credit card information at all. You might ask how that is possible. One solution is to use a product or service that serves as an intermediary: it encrypts the credit card information and sends the data to a third party for storage, so your own systems never hold it.
1. Don’t ignore it, even if you think you’re too small to be affected
2. Know your obligations
3. Know your real goal (security, not compliance)
4. Be proactive
5. Simplify
6. Limit the scope
7. Don’t store cardholder data unless you absolutely have to
8. Don’t use unnecessary technology
9. No silver bullets
10. It never goes away
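To make tips 6 and 7 (and the intermediary approach described above) concrete, here is an added Python example that is not part of the original article. It models a hypothetical third-party token vault (`TokenVault`) and a merchant order store that keeps only a token and a masked card number, and it includes a simple scan (`find_pan_like`) that a defender can run over their own records to catch full card numbers that should not be there. The class names, the token format and the test card number 4111 1111 1111 1111 are assumptions constructed for this example.

```python
"""Tokenization example: keep the full card number (PAN) out of the merchant's own storage.

The vault and order store below are constructed stand-ins for a real tokenization
service and a real database; they exist only to show where the PAN does and does
not end up.
"""
import re
import secrets
import string


def luhn_valid(pan: str) -> bool:
    """Return True if the digits in `pan` pass the Luhn check (catches typos, not fraud)."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 12:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits, which is what PCI DSS allows to be displayed."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


class TokenVault:
    """Stand-in for a third-party tokenization service (assumption: not a real product)."""

    def __init__(self) -> None:
        self._store: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        # Token format uses letters only, so a token can never be mistaken for a card number.
        token = "tok_" + "".join(secrets.choice(string.ascii_uppercase) for _ in range(16))
        self._store[token] = re.sub(r"\D", "", pan)   # the vault, not the merchant, holds the PAN
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._store[token]
        return {"ok": luhn_valid(pan), "amount_cents": amount_cents}


class MerchantOrderStore:
    """The merchant's own persistence layer: stores a token and a masked number, never the PAN."""

    def __init__(self, vault: TokenVault) -> None:
        self.vault = vault
        self.orders: list[dict] = []

    def place_order(self, raw_pan: str, amount_cents: int) -> dict:
        if not luhn_valid(raw_pan):
            raise ValueError("card number fails Luhn check")
        token = self.vault.tokenize(raw_pan)
        record = {"token": token, "masked_pan": mask_pan(raw_pan), "amount_cents": amount_cents}
        self.orders.append(record)
        return record


def naive_order_record(raw_pan: str, amount_cents: int) -> dict:
    """The 'before' picture: a record that stores the card number directly (what tip 7 warns against)."""
    return {"card_number": raw_pan, "amount_cents": amount_cents}


# 13 to 19 digits, optionally separated by spaces or hyphens
PAN_PATTERN = re.compile(r"(?:\d[ -]?){13,19}")


def find_pan_like(records: list[dict]) -> list[tuple[str, str]]:
    """Scan stored records for Luhn-valid card-number-shaped values; returns (field, digits) hits."""
    hits = []
    for rec in records:
        for field, value in rec.items():
            for match in PAN_PATTERN.finditer(str(value)):
                digits = re.sub(r"\D", "", match.group())
                if luhn_valid(digits):
                    hits.append((field, digits))
    return hits


if __name__ == "__main__":
    vault = TokenVault()
    store = MerchantOrderStore(vault)
    rec = store.place_order("4111 1111 1111 1111", 1999)   # constructed test card number
    print("stored record:", rec)
    print("vault charge:", vault.charge(rec["token"], 1999))
    print("PANs found in tokenized store:", find_pan_like(store.orders))
    print("PANs found in naive record:", find_pan_like([naive_order_record("4111 1111 1111 1111", 1999)]))
```

The scan is deliberately simple (a digit-run regex plus a Luhn check), but even that is enough to show the difference: the tokenized store yields no hits, while the naive record immediately surfaces the full number. Running a check like this against logs, databases and backups is a practical way to confirm that the scope you believe you have limited really is limited.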
Photo by LotusHead