Regulatory Compliance: Yet another regulation to follow
The Payment Card Industry (credit-card issuers) have created their own set of regulations that e-commerce sites must follow if they're to continue processing credit card payments. The regs are pretty good -- a 12-point checklist of areas that need to be covered. For example, Do not use vendor default passwords on IT products and Uniquely authenticate each person accessing computer systems. It's a great idea, but is yet another regulation that needs to be dealt with.
http://www.ecommercetimes.com/story/113003FF5PFJ.xhtml
