If the developer writes code that handles credit card information, absolutely. Most organizations utilize third parties to handle credit card info so they don't have to be PCI compliant. Even then, it helps to know something about PCI because the developer may be storing more information than needed.<p>In general I think every developer should receive secure coding training. Most developers don't...
If you develop a site that takes payment via credit card, even when processed by a third party processor, it's pretty irresponsible not to be familiar with it. Even if you're only attesting to being a SAQ A merchant, you'll want to know why. There's not that much too it, and it's really the minimum you should be thinking about.<p>That said, we'd all live in a better world of every web developer knew the OWASP recommendations inside and out. I can dream.