Tuesday, May 18, 2010

Even small businesses must adhere to PCI Standards

In the current issue of Forbes, David Carr points out that "The PCI rules [regarding data security] really represent the minimum security standards businesses must meet to be fair to their customers, who, after all, are trusting the merchant every time they hand over a credit card number."

He notes that "Many small businesses are still under the impression that the rules don't apply to them because they're too small, or because they don't conduct e-commerce. Actually, the rules apply to any business--and even any nonprofit--that takes credit card payments. You can look for ways to lighten the compliance burden, but you can't get yourself off the hook entirely. Even if no one has yet compelled you to complete a questionnaire or conduct an automated scan of your networks, you're still supposed to be locking down your systems."

If you don't fully understand the PCI requirements, or think you don't have to bother with them, read Carr's brief article and take appropriate action NOW!

No comments:

Web Analytics