Any person or organization who accepts credit card payments online (or offline) is required to abide by PCI security standards.  It doesn’t matter if you accept only one payment a year … or millions.  Everyone who accepts, stores, or processes credit card information is required to be secure … no one is “too small”.  Also, all “deadlines” for compliance are far past — everyone has to be secure now.

PCI (Payment Card Industry) security standards are a collection of very rigorous best practices for securing the flow of, storage of, and access to sensitive credit card information.  In particular, this applies to: the credit card numbers, expiration dates,  CCV validation codes (and other information in the magnetic stripe).

Read the rest of this post »