I’m new to PCI and compliance issues so please bear with my ignorance here…
I’m getting ready to set up a website and I want to make sure that I’m compliant with PCI DSS standards. Someone told me that the password requirements are identified in section 8 of the PCI DSS standards and I’m confused as to whether we need to implement those or not. (8.2.3 for example.)
My question for the experts here is: since we do not store credit card information, we merely transmit it to the payment processor, should the password requirements meet the standards set forth in PCI DSS section 8?
I look forward to your assistance with this!