Many online sellers are complacent about security until disaster strikes. AspDotNetStorefront wants to avoid disaster on your behalf, and v10 has been built for the protection of both storeowner and shopper.
One modern myth is the belief that a domain that doesn't store credit cards has no PCI responsibility. That's far from true.
It's certainly true that if credit card details are only flashing through the checkout before being safely handed off to a payment gateway, there is only a small window of time when your storefront is vulnerable. Still, the more transactions you take, the more your vulnerability grows.
Think very carefully about your policy on telephone orders, recurring orders, credit card storage etc. Orders are GOOD things, and AspDotNetStorefront allows you to handle your payment application intelligently and securely.
Please read our complete section on security in this console for details of how to set up your store for a high degree of security.