What small businesses need to know about PCI Compliance

PCI stands for Payment Card Industry. PCI compliance means meeting the security standard set by the PCI Security Standards Council.

Essentially, it provides a set of things that every business involved with credit cards needs to do. Merchants, software developers, payment processors, and others all need to pay attention to and abide by the PCI standards. It exists to protect cardholders and everyone else in the credit card industry.

Being a small business owner, you already have a ton to worry about, so we’re trying to simplify it here. There are 12 core requirements that you should know about.

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for employees and contractors

In the end, it is about keeping your store or environment secure. You can be fined if you do not abide by these rules. Even worse, you can lose your ability to accept credit cards.