If your business accepts credit or debit payments, it’s likely that you’re required to comply with the Payment Card Industry Data Security Standard. PCI DSS was created in 2006 to establish minimum data security measures for organizations around the world that hold, process, or exchange cardholder information from any of the major card brands. These security measures are reviewed and revised on a rotating two-year schedule to be sure they remain adequate in protecting sensitive data.
Becoming PCI-compliant may mean incurring new costs, but the right resources and technology can help you avoid unnecessary ones. Put differently, it is possible to spend too much money on security. Fortunately, resources are available to help small businesses reduce the cost and complexity of PCI compliance so you can focus on cash flow, profitability, and customer service. Consider the following.
Talk to your acquiring bank or knowledgeable business payments adviser. These companies may have resources available to help you achieve and maintain your compliance.
1. Reduce your vulnerabilities. Every computer system, filing cabinet, or application that uses or stores sensitive card data falls under PCI compliance purview. If possible, limit data usage to applications directly pertaining to payments (e.g. transaction authentication, daily settlements).
2. Weigh your technology decision carefully. Look for flexible, technology-agnostic solutions—ones that work with your system regardless of your point-of-sale hardware, card association, or processing relationship—and solutions that effectively remove data from your environment while allowing access when needed.
3. Make a long-term commitment. Develop a thorough, proactive compliance strategy to protect your business’s future. Protecting customer card data requires ongoing effort.
Investing in data security measures can help safeguard your business even as it protects customer data. High-profile data breaches serve as a reminder that the cost of prevention is likely far less than the potentially devastating costs of a data breach or other major violation.
Vice-President, Merchant Product Management