Tuesday, June 01, 2010

Payment Card Compliance Guide: small businesses that process cards should check it out

I got an email today from a company that thought that I process credit cards. I don’t, but the (Payment Card) PCI Compliance Guide, Facts and Myths, is well worth reading, with link here.

Note that there are four levels of merchants. A small business or non-profit that only occasionally takes cards (credit and/or debit) is at level 4 (it sounds like something out of sci-fi). But a data breach can escalate the level, or result in fines that could put a small operator out of business.

A business owner who processes no cards but funnels all his or her activity to Amazon, BN, Ebay, etc. would not be affected, because then his site does not need to record any personal or credit-related information. That is the case with me.

Some small local “bricks and mortar” businesses still take no cards. A local barber shop here in Arlington VA does not; same for a family restaurant I stumbled on in Glassboro NJ.

No comments: