You would have to become versed in PCI compliance and the ins/outs of different levels of that to know if your solution is 100% in line with what the latest security guidance is.

Any company that does a lot of CC processing could be a candidate, throw a dart at the Fortune 500 list and you'll likely hit one. Typically those types of companies expect enterprise solutions.

Small businesses might be a better starting point in that space but they won't have deep pockets. This thread [0] gives a perspective of PCI compliance challenge, security scans, etc.

PCI is just one aspect that I thought of where your solution might fit, there are probably other similar information security pain points you could explore.

[0] https://security.stackexchange.com/questions/214513/being-to...