If you collect credit card information directly on your website either through a gateway / authorize.net / PayPal Web Payments Pro, then your business should be following PCI Compliance regulations.

In a very small nutshell, below are just a few of the requirements you should be following:
1. HONESTLY and TRUTHFULLY fill out a SAQ questionaire annually
2. Have security scans done at least quarterly on your website and make sure that any security flaws are addressed by your hosting company
3. Have the latest versions of software (including operating systems) on your office computer
4. Have the latest versions of softwares operating on your website
5. Change passwords every 90 days

There are many many more requirements, I have just addressed a few. To find out more about PCI Compliance, visit https://www.pcisecuritystandards.org

While business owners may moan and groan about these regulations, they have come about for a reason. To prottect your customer's credit card and sensitive information as well as to protect the business owner from getting sued because that information is NOT being protected.