>You should work to be PCI compliant
http://www.pcicomplianceguide.org/>
>One thing to be aware of, if you get hacked, the credit card companies can cancel your agreement with them.
>
>
>>I know, I know, avoid if at all possible and use something like Authorize.NET.
>>
>>I'm being asked to store CC info in our DBs to perform recurring billing. "We're compliant" has been said and I've been told to use our broken encryption libraries to encrypt it. I need some info to throw back. Links to laws (state of Iowa), etc.
Highly unlikely.