There are new requirements for any organization that processes credit card payments: Payment Card Industry (PCI) Standards.
PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PSI SSC) to protect cardholder data. The standards apply to all organizations that store, process or transmit cardholder data. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council, American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, Inc.
PCI Data Security Standard (DSS)
The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If your organization accepts or processes payment cards, you must comply with PCI DSS.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer/donor account data.
PCI Quick Reference Guide, understanding the Payrment Card Industry Data Security Standards
For more information, go to the PCI Security Standards website.