A few of our people may be in the business of accepting credit card payments, and may be interested in "new standards" that are emerging(?).

From a recent newsletter (18 APR 2007):

"The last several years have seen an unprecedented assault on personal and financial data that customers have knowingly or unwittingly entrusted to retailers, banks, service providers and credit card companies. To counter this onslaught, the payment card industry created a homegrown security initiative that is at once broader in scope and more granular in its requirements than any measures additional government regulation might have imposed. The Payment Card Industry Data Security Standard (PCI) is a comprehensive security standard that establishes common processes and precautions for handling, processing, storing and transmitting credit card data."

A "White Paper" is offered at:

Winning the PCI Compliance Battle - A Guide for Merchants and Member Service Providers from Qualys. The link is to a download site where there are several other items listed that may or may not be of interest. From that site, there's a "Download" button that gets you a PDF, 7 pages, 304 KB.

No registration required for the download, so far as I can see. (the site has my particulars from previous "logins" but didn't ask for it this time).

The first couple of pages, where the "PCI requirements" for persons and/or businesses accepting credit card payments are outlined, will be most likely to be of inteest. The rest is largely a sales pitch, but may be interesting as a "sample" of what's available, although I think that the system pitched is aimed at larger mass-marketing systems.

There are some pretty scary "specs" for small businesses, that may be worth being aware of, although individual circumstances will determine whether they really apply to anyone's business.

Those concerned can take a look at the paper. The rest of us will likely just p. & m. about the sad state of the credit industry.

John