If you accept credit or debit cards as a form of payment, then PCI compliance applies to you. The storage of card data is risky, so if you don’t store card data, then becoming secure and compliant may be easier. Find the PCI DSS Standard document here.
In-scope cards include any debit, credit, and pre-paid cards branded with one of the five card association/brand logos that participate in the Payment Card Industry Security Standards Council (PCI SSC) – American Express, Discover, JCB, MasterCard, and Visa International.
Most merchants that need to store credit card data are doing it for recurring billing. The best way to store credit card data for recurring billing is to use a third-party credit card vault and tokenization provider. With a vault, the card data is removed from your possession and you are given back a “token” that can be used for recurring billing. By using a third party, you move the risk of storing card data to someone who specializes in doing that and has all of the security controls in place to keep the card data safe.
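The token flow described above, sketched as an added example that is not part of the original page or any provider's API. `ToyVault`, `enroll` and `contains_pan` are hypothetical names, and the vault is an in-memory stand-in for the third-party provider. It shows what the merchant keeps on file and a check that no card number remains in the merchant's record.

```python
import re
import secrets
import string

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class ToyVault:
    """Stand-in for the third-party vault: only this side ever holds the card number."""
    def __init__(self):
        self._pans = {}      # token -> card number; protecting this store is the provider's job
        self.charges = []    # (token, amount_cents) accepted so far

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random token with no mathematical relation to the card number.
        token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._pans[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> bool:
        if token not in self._pans:
            return False
        self.charges.append((token, amount_cents))
        return True

def enroll(vault: ToyVault, pan: str, customer_id: str) -> dict:
    """Merchant side: keep the token and last four digits, never the card number."""
    return {"customer": customer_id, "token": vault.tokenize(pan), "last4": pan[-4:]}

def contains_pan(record: dict) -> bool:
    """True if any field holds a Luhn-valid run of 13 to 19 digits."""
    text = " ".join(str(v) for v in record.values())
    return any(luhn_ok(m) for m in re.findall(r"(?<!\d)\d{13,19}(?!\d)", text))

TEST_PAN = "4111111111111111"   # constructed sample: a widely used test number, not a real card

if __name__ == "__main__":
    vault = ToyVault()
    record = enroll(vault, TEST_PAN, "cust_42")
    print(record, "card number on file:", contains_pan(record))
    print("monthly charge accepted:", vault.charge(record["token"], 1999))
```

The same `contains_pan` check can be pointed at any record the merchant stores to confirm that only tokens, not card numbers, are on file.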