PCI DSS Compliance Blog: PCI DSS for Small Business


02/02/2010

PCI DSS for Small Business

Surf forums on PCI compliance and you’ll quickly come across a plea for help from a small business owner on sorting out how to comply with PCI DSS.  Especially for mom and pop shops, PCI DSS compliance can be a daunting process.

One way to ease the process of PCI DSS compliance for your small business is to select a payment processing solution that moves the storage of credit and debit card data off your computer system and into a secure data storage facility. Using end-to-end encryption and tokenization technology, all that's left on the system is a unique identifier (token) that points to the actual credit card data without containing any sensitive information itself. This allows small business owners to securely process recurring bills and transfers all risk of cardholder data storage. If the system were ever breached, the data stored on location would be completely unusable to data thieves.

The advantage of removing cardholder data from your location, in addition to this decrease in the risk of a data breach, is the ability to complete a far less time- and resource-intensive PCI SAQ. The PCI SAQ is an annual self-assessment questionnaire that all level 2, 3 and 4 merchants who accept credit or debit card payments must complete. Merchants who process cardholder data but do not store it on their computer system can fill out SAQ C, a 16-page questionnaire consisting of 41 questions, rather than SAQ D, a 31-page questionnaire consisting of 223 questions.

Read more about how to become PCI compliant and PCI SAQ Made Easy


Comments

Hi All,

I am the Marketing Associate for a small IT consulting group in Manhattan and one major campaign is the PCI Compliance. Where may I find information regarding the SAQ C 41 Question form?

Thanks,

Kim
