Credit card data security standards
The credit card industry maintains the Payment Card Industry Data Security Standard (PCI-DSS). The PCI-DSS requirements help organizations proactively protect credit card information from being compromised.
The PCI-DSS requirements apply to all system components within the payment application environment. Any network device, host, or application included in or connected to a network segment that stores, processes, or transmits customer cardholder data (CHD) or other payment-related data must adhere to these requirements.
PCI compliance must be obtained by you, the merchant, through an assessment of your actual server (or hosting) environment. Obtaining it is the responsibility of you and your hosting provider, working together, using PCI-compliant server architecture with proper hardware and software configurations and access control procedures.
With the token system used by most credit card processors, including CenPOS and Stripe, CHD is no longer stored on your system. This allows you to maintain PCI-DSS compliance and reduces your scope for that part of a PCI compliance audit.
For more information on PCI compliance, including specific requirements, visit the Official PCI Security Standards Council Site.