Any person or organization who accepts credit card payments online (or offline) is required to abide by PCI security standards.  It doesn’t matter if you accept only one payment a year … or millions.  Everyone who accepts, stores, or processes credit card information is required to be secure … no one is “too small”.  Also, all “deadlines” for compliance are far past — everyone has to be secure now.

PCI (Payment Card Industry) security standards are a collection of very rigorous best practices for securing the flow of, storage of, and access to sensitive credit card information.  In particular, this applies to: the credit card numbers, expiration dates,  CCV validation codes (and other information in the magnetic stripe).

Read the rest of this post »

The Credit Card Industry imposes a set of security standards knows as PCI/DSS (Payment Card Industry Data Security Standard).  The purpose of this standard is to ensure that any company accepting credit cards from consumers takes all appropriate security measures to ensure that this information is protected from hackers and information leakage.

Read the rest of this post »

The short answer is “no” … unless you need to support web browsers 8+ years old on computers that cannot be patched or upgraded and which are not in the USA or Canada. 

Read the rest of this post »