PCI DSS for Small Business
Surf forums on PCI compliance and you’ll quickly come across a plea for help from a small business owner on sorting out how to comply with PCI DSS. Especially for mom and pop shops, PCI DSS compliance can be a daunting process.
One way to ease the process of PCI DSS compliance for your small business is to select a payment processing solution that moves the storage of credit and debit card data off your computer system and into a secure data storage facility. Using end-to-end encryption and tokenization technology, all that's left on the system is a unique identifier (token) that points to the actual credit card data without containing any sensitive information itself. This allows small business owners to securely process recurring bills, and it transfers all risk of cardholder data storage. If the system were ever breached, the data stored on location would be completely unusable to data thieves.
The advantage of removing cardholder data from your location, in addition to this decrease in risk of a data breach, is the ability to complete a much less time- and resource-intensive PCI SAQ. The PCI SAQ is an annual self-assessment questionnaire that all level 2, 3 and 4 merchants who accept credit or debit card payments must complete. Merchants who process cardholder data but do not store it on their computer system can fill out SAQ C, a 16-page questionnaire consisting of 41 questions, compared to SAQ D, a 31-page questionnaire consisting of 223 questions.
Read more about how to become PCI compliant and PCI SAQ Made Easy.




Hi All,
I am the Marketing Associate for a small IT consulting group in Manhattan and one major campaign is the PCI Compliance. Where may I find information regarding the SAQ C 41 Question form?
Thanks,
Kim
Posted by: Kim Jawin | 06/01/2010 at 07:25 AM
This document should help you:
https://www.pcisecuritystandards.org/docs/saq_c_v1-1.doc
Posted by: Element Payment Services | 06/01/2010 at 10:46 AM