PCI compliance is important, and not just for the sake of protecting credit card data. It’s a simple security standard that we should all be able to easily achieve using existing tools, techniques and technologies. And if your argument is that you can’t afford to do it, then I’m not going to be buying anything through your online services.
I’ve commented on this subject before – and no doubt I’ll be doing so again – because being compliant with the PCI standard demonstrates more than just an ability to handle online payments; it’s a show of “superior security” that will reflect in your overall risk status.
There’s a great blog devoted to PCI here. I recommend it.