Carrie Minnich in her July 27, 201 post on DWD’s Mission Minded Blog addresses Payment Card Industry Data Security Standards (PCI DSS). She explains that there are a number of requirements and most importantly is to protect the cardholder’s data. This data should not be stored unless it is required for business needs. Information that is stored needs to be restricted and only accessible with a password or encryption.
To read the requirements, what can be stored, and what data cannot be stored, read Carrie’s full blog post here.