If you accept and process card transactions, there are 12 basic requirements which apply to you:
- install and maintain a firewall configuration to protect cardholder data
- don’t use vendor-supplied defaults for system passwords and other security parameters
- protect stored cardholder data
- encrypt transmission of cardholder data across open public networks
- use and regularly update anti-virus software or programs
- develop and maintain secure systems and applications
- restrict access to cardholder data by business need-to-know
- assign a unique ID to each person with computer access
- restrict physical access to cardholder data
- track and monitor all access to network resources and cardholder data
- regularly test security systems and processes
- maintain a policy that addresses information security for employees and contractors
You can read more about the basic standards on the PCI DSS website.