This is the first in a series of articles that we will make available in an effort to help you better understand PCI compliance, how it affects you, and how to navigate through its somewhat confusing requirements.
If you’re a small business, but not a user of our ProductCart e-commerce software, read on: much of the content will be helpful to many small businesses, regardless of which shopping cart software you are using.
So let’s get started.
First of all, let’s answer the mother of all PCI compliance questions: do you need to be compliant? Yes. All merchants that store, process or transmit cardholder data, whether small or large, need to be PCI compliant. That said, the way you prove your compliance status (how you validate it) changes depending on how much business you are doing (i.e. your merchant “level”) and on how you handle payments from a payment-processing point of view.
Therefore, the very first step is to find out your merchant level, as defined by the major credit card companies. The following links will help you answer that question:
In these articles we are going to focus on small businesses. In most cases, you will fall under the definition of a Merchant Level 4 (roughly speaking, a merchant processing fewer than 20,000 e-commerce card transactions per year; check the card brands’ own definitions, since the thresholds are set per brand). Let’s assume that is the case and move forward under that assumption.
Let’s first clarify an important point: all merchants are required to be PCI compliant. Being a “level 4 merchant” does not mean that you are not required to be PCI compliant. It simply means that the way you validate compliance is lighter: a self-assessment questionnaire and, where applicable, external vulnerability scans, rather than an on-site assessment by a Qualified Security Assessor, and whether you must actually submit that proof is decided by your acquiring bank rather than by the card brands directly.
Next steps (the three pieces of a level 4 merchant’s validation):
- Self-assessment questionnaire (SAQ): the questionnaire you fill out yourself; which version applies depends on how you take payments
- Network security scan: a quarterly external vulnerability scan of your Internet-facing systems, performed by an Approved Scanning Vendor (ASV), required when card data passes through systems you expose to the Internet
- Compliance validation: submitting the completed SAQ (and scan results, if applicable) to your acquiring bank or payment processor when they ask for it
In the next article, we’ll talk about the self-assessment questionnaire. You will need to fill out a different questionnaire depending on how you process payments (for example, whether card data ever touches your own server or is handled entirely by a third-party payment page), and we’ll explain how to find out which one applies to you. We’ll publish this second article in a few days, so you have time to digest all this… (if you want, you can be notified when it’s ready through Twitter).
We hope this helps!