Compliance Advice for Merchants Who Accept Credit Cards

Posted by: Rod Kurtz on December 23, 2009

Compliance with the Payment Card Industry data security standards applies to every merchant, no matter how small, who accepts credit cards or debit cards branded by Visa, MasterCard, Discover, American Express, or any of the other major card brands. It is important that small businesses take PCI compliance seriously and follow the guidelines that have been mandated by the major credit-card brands. Small businesses should consider the following tips:

1. Don’t ignore it, even if you think you’re too small to be affected. Smaller merchants have a lighter paperwork burden than large organizations, but failure to comply can, and does, lead to legal and financial risk, up to and including the risk of having your card-processing privileges revoked, leaving your company unable to accept customer payment cards.

2. Know your obligations. PCI is a highly technical and broad-ranging set of security requirements, covering everything from how you configure and manage your computers to how you train and manage your staff. The best place for smaller merchants to start is to look at the official self-assessment questionnaires created by the PCI council. These don’t cover everything you need to know, but they do give you a quick sense of what you need to do and what to worry about most.

3. Know your real goal (security, not compliance). At the end of the day, PCI is all about helping merchants protect their customers, so you shouldn’t be looking to do the bare minimum. Merchants who concentrate on their customers’ safety will have a better business and less risk, and they will find that PCI success comes almost as a painless symptom of doing the right thing.

Dr. Tim Cranny
CEO
Panoptic Security
Salt Lake City

Reader Comments

Gidi Argov

December 23, 2009 5:07 PM

Most of the card scams published are related to cyber attacks on stored credit card information, which makes many connect PCI compliance with computer security and digital data protection. In fact, PCI compliance is all about the safekeeping of cardholder information, regardless of how such information is stored. If you receive a MOTO order and write the cardholder info on a piece of paper, this data is subject to PCI compliance and must be treated accordingly.

Gidi Argov, Founder and CEO
www.CreditCardProcessing-r-us.com

Dan Keech

December 26, 2009 1:10 PM

Thanks! This is a timely article for me. I'm a Raleigh, NC carpet cleaner who has just started accepting credit cards. I'll look up the PCI standards.
