When processing payments and handling transaction data, you need to ensure your solution is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS).
PCI DSS aims to protect customer data from unauthorised access and ultimately to reduce the risk of fraud when processing payments online. It establishes requirements and best practices that all merchants must follow when handling sensitive payment credentials. The standard is administered by the Payment Card Industry Security Standards Council, a group that currently consists of Visa, Mastercard, American Express, Discover and JCB.
Before your system begins to process transactions with sensitive data, you should review the following resources with a contact from your acquiring bank to identify the exact requirements your solution is expected to meet. These requirements are primarily determined by the level associated with your solution, a criteria assigned based on the volume of transactions your solution processes over a 12 month period.