Sooner or later, almost every business comes in contact with credit card data. In 2007 every business who process or transmits credit card data needs to be in compliance with PCI DSS (Payment Card Industry Data Security Standard). PCI DSS is a worldwide requirement to enhance payment account data security.
To be in compliance, controls need to be put in place to protect credit card information. Some examples of types of controls used could be as simple as having an anti-virus software on your computers, not allowing employees to have flash drives, encrypt transmission of cardholder data that travel across open networks, assigning unique ID's to persons with computer acess, and restrict access to what data is needed to know.
More than half a billion records have been breached since 2005. For every compromised record, it can cost a company approximately $204 in expenses, 69% relates to lost business or damages to business reputations, according to the Ponemon Institute.
Business's that fail to comply with PCI DSS can face fines up to $500,000 if the data is lost or stolen. More and more states are going to pop up with credit card protection laws as politicians fight for consumer rights.