In 2010, much stricter rules for credit card processing came into effect called PCI DSS (Payment Card Industry Data Security Standards). One key aspect of PCI DSS is that any application that handles credit card numbers must be PCI DSS certified. Sage developed a new PCI DSS compliant service called Sage Exchange. The key point of this inegration is that Sage's payment solution will be the only application that handles the credit card numbers; Sage Accpac never touches them. Consequently, Sage Accpac will not need to be PCI DSS certified; only Sage Exchange does (and it has been). There are other compliance regulations that companies need to adhere to, but these handle the parts to do with the credit card processing software.