C3 Blog

Many small business owners are the ones obligated to wear the “IT hat” in their organization. And why not? When you’re a growing business, hiring IT help for daily operations just isn’t a high priority - or in the budget. Instead, with a little bit of research, many business owners feel they (or their office manager) can handle all the IT basics on their own or with on-call help.

But if your business transmits or stores credit card data, it is subject to PCI DSS compliance—and the do-it-yourself IT route gets complicated (and expensive) real fast.

This is Part 2 in a 2-part series on the 12 requirements of PCI DSS. For Part 1, click here.

Last week we started our review of the first 6 of the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS). Just to recap, these are the rules regarding information security that every business must follow if it wants to continue accepting credit or debit cards. Today we’ll be covering the final 6 requirements:

This is Part 1 in a 2-part series on the 12 requirements of PCI DSS.

If you run a small business that handles credit and debit cards, your business is subject to the rules of the Payment Card Industry Data Security Standard (PCI DSS). Most small business owners know by now that they need to be PCI compliant—but many aren’t sure what the PCI DSS even is, never mind how to comply.

PCI DSS (Payment Card Industry Data Security Standard) was created to protect cardholder data and prevent credit card fraud by requiring all merchants or businesses who transmit, process, or store credit card data to use strong technical safeguards.

There are 12 main requirements outlined in the official standards. In this post, we’ll tackle the first six: