Section 6.5 of the Data Security Standard
Security lapses by some merchants and institutions handling credit card data enable criminals to easily steal and use personal consumer financial information from payment card transactions and processing systems. If your organization is a key participant in payment card transactions, it is imperative that you use standard security procedures and technologies to thwart theft of cardholder data.
The Payment Card Industry Data Security Standard (PCI DSS) applies to any organization handling credit card data in the US. Attaining compliance requires you to pass a rigorous audit by a licensed auditor, to ensure your network and practices meet the industry's best practices. In particular, section 6.5 of the standard requires you to:
"Address common coding vulnerabilities in software-development processes as follows: Train developers at least annually in up-to-date secure coding techniques, including how to avoid common coding vulnerabilities. Develop applications based on secure coding guidelines."
This page describes how Hacksplaining can help you meet this requirement. Don't forget to purchase an Enterprise license if you need evidence of completion!
6.5.1 Injection flaws, particularly SQL injection. Also consider OS command injection, LDAP and XPath injection flaws, as well as other injection flaws.
6.5.3 Insecure cryptographic storage
You should be using encryption-at-rest to store sensitive financial data (especially PANs). Hacksplaining recommends that your development team be familiar with the technology used to achieve this. Below are some useful links:
6.5.6 All "high risk" vulnerabilities identified in the vulnerability identification process
See the OWASP Top 10 for vulnerabilities you will likely need to cover.