PCI compliance may not be on every small merchant's mind, but it matters for both their security and their bottom line. After all, the Payment Card Industry Security Standards Council levies penalties as high as $100,000 per month on those that do not follow its standards.
PC World contributor Eric Geier offers some tips for businesses considering PCI compliance in his recent article. Though he admits that the requirements can come across as overly complex, there are some steps small business owners can take to ease the process.
First, it's important to choose a PCI-compliant web host. Some hosts publish this information openly, while others will force you to jump through hoops and make several phone calls before you get an answer. Also note that less expensive shared hosting plans make compliance more difficult, though not impossible.
It's important to reduce what Geier calls the Cardholder Data Environment: the set of computers that cardholder information passes through. Every additional computer in that set is one more place a breach can occur. Geier's solution is to use dial-up credit card terminals. While this may seem a bit old-fashioned, it greatly reduces the number of computers involved. However, while dial-up terminals can still serve today's business users, they are not an ideal solution for processing Level 3 data, and merchants that don't submit Level 3 data with their transactions can't qualify for the lowest possible interchange rate.
Ultimately, the best solution for PCI compliance is payment tokenization, because the card data is stored offsite rather than on the merchant's own systems, which keeps it out of reach of targeted attacks on the merchant. Working with a payment solutions provider gives merchants the tools they need to be PCI compliant while still processing Level 3 data and qualifying for the lowest interchange rate.