FCKeditor, a web based open source HTML text editor, suffers from a remote file upload...
Firsthand account why PCI DSS compliance is important
The Payment Card Industry Data Security Standards 1.1 (PCI DSS) continue their efforts to ensure that retail merchants and all who process, transmit, and traverse credit cards adopt the credit card data protection standards mandated by the PCI Security Standards Council. Even if an organization does not operate an online web site (which must comply with the PCI DSS despite already having an SSL secure certificate), the organization must comply with the PCI DSS 1.1 so long as it uses the Internet to connect to a payment portal for online processing of agency service charges, a system for sales transactions, a web-based storage or back-up facility for accounting or customer profile data, or any other Internet-facing portal or application (including standard e-mail) used in the transmission of credit card data and cardholder information.
(60 MINUTES) Hi-Tech Heist: How Hi-Tech Thieves Stole Millions of Customer Financial Records
Consumers often feel safer using their credit cards in stores than online, where hackers are notorious for stealing personal information. But is it really safer? It's becoming a big problem. The retail industry got a wake-up call earlier this year, when TJX, the parent company of T.J. Maxx and Marshalls, disclosed it had suffered the worst high-tech heist in shopping history. Hackers raided the company's computer system, taking off with tens of millions of records. And what we have learned is: TJX could have prevented it.