Read this comprehensive MCPress article by our CTO, which covers the i-specific considerations of accepting payments.
"Every business that accepts card data in any way is subject to the requirements of the PCI DSS, and the compliance requirements vary widely based on transaction volume, type of business, handling of the card data, and software applications."
"Some aspects of compliance are as simple as never storing magnetic stripe data or the card security code. Others are time-consuming, such as documenting every piece of infrastructure hardware, its firmware revision, and last update, and monitoring the logs of all systems on a periodic basis."
"10 Revealing Payment/Order Application Questions
1. Is your payment app validated to the Payment Application Data Security Standard (PA-DSS)?
2. Is a specific person assigned responsibility for handling all of the security compliance?