As a Level 1 Service Provider, Infusionsoft must comply with a rigorous set of standards designed to protect the payment card information that touches its systems. As of 2008, the Payment Card Industry Data Security Standard with which Infusionsoft must comply is PCI DSS version 1.1. This standard outlines specific requirements for keeping cardholder data secure, such as the use of data encryption, network firewalls, and secure processes for the transmission, storage, and disposal of payment card data.
Infusionsoft must pass periodic third-party audits and tests in order to maintain PCI compliance on an ongoing basis.
If you have any questions about how PCI compliance affects you, the PCI DSS version 1.1 can be found online at https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm.