Hacker News new | past | comments | ask | show | jobs | submit login

PCI [1] is actually an international industry standard that defines security practices for payment card processing. For example, it requires that your system is behind a firewall, that credit card numbers are stored securely, etc. Your system must be audited annually by a certified consultant. Stripe is -- presumably -- already compliant, since they already run a business that processes credit cards.

[1] http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Secu...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact