As of June 2008, if your business processes credit card payments, you are required to comply with new security standards to prevent fraud, hacking, and various other security vulnerabilities and
Any company or government agency that processes, stores, or transmits payment card data must comply with the Payment Card Industry Data Security Standard, a set of requirements to enhance data security. Some of the PCI standards are common sense, such as building and maintaining a secure network through common practices and not using vendor-supplied defaults for system passwords.
In early 2007, TJX Companies, a discount retailer of apparel and home products with stores such as TJMaxx and Marshalls, reported one of the largest data breaches ever, with an estimated 45.6 million credit and debit card numbers stolen from one of its systems. The cost has been severe for the retail giant, whose settlement required it to pay an estimated $65 million to MasterCard and Visa card users. The settlement with the Federal Trade Commission also requires the company to retain independent auditors to assess its security every other year for 20 years.