Well, here I am at my new job. I'm currently doing some self-training with their training resources, and a few questions have come up.
1. I know there are international requirements for capture and storage of credit card details on websites, as outlined here: http://en.wikipedia.org/wiki/PCI_DSS
What I would like to get is a link to a document that outlines the legal requirements of any Australian company to follow these requirements.
2. Obviously, all sites that capture information regarding a person, i.e. their personal details and credit cards, need to have an SSL certificate. But is this enough? Is there another level of security that should be used on a site when capturing details, credit card details in particular? Or is an SSL certificate enough?
If anybody can help that would be great.