Re: Is PCI Compliance Mandatory

Short answer is yes; the longer answer is almost definitely.

http://www.pcistandard.com/

"Who is required to meet the PCI security standard?

All entities that accept credit or debit card payment, collect, process or store credit card transaction information, regardless of their transaction volume, were required to meet the PCI standard by June 30, 2005. Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs."

I work with the standard every day, most of what's in there is common sense good practice for any organisation that stores or processes card information or other sensitive data.