Your Small Business Checklist for PCI Compliance

January 27, 2015 Updated: April 23, 2016

From the recent Home Depot breach to the Sony hack, cyber attacks are getting worse as technology progresses. Your small business may be nowhere near the size of Home Depot or Sony, but that does not mean your company isn’t at risk. You have already worked hard to win and keep your customers; a breach of your systems will keep them from coming back, and that could be detrimental.

This is why it’s extremely important that your company become PCI compliant, especially if you handle credit card or online transactions. Most small business owners fail to do this because they think they won’t get hacked, or simply because they don’t know where to begin. Instead of putting your customers and their information at risk, use the following checklist to help your company become PCI compliant.

Talk with your bank

If your company processes credit card payments, reach out to the company, usually your bank, that processes these payments and ask them what you need to do in order to become compliant. Most banks have a set of standards and guidelines in place that you can follow to increase the safety of your customers’ financial information.

Use a compliant web host

If your company has a website and your transactions are done via the website, you need to ensure that the host of your site is also PCI compliant. Do your research and look around for a web host that follows the PCI requirements. This way, your website will have an added layer of protection from breaches and hacks.

Don’t save client information in your office/on your servers

Although it may be a nuisance to continuously ask your clients for their banking information (especially clients who pay regularly), it’s still important that you don’t save financial information inside your building or on your servers. If you do, you are opening yourself up to a breach, which can be damaging to your company. If you notice that customers are becoming frustrated with having to enter this information every time, remind them that you’re doing so for their safety.

Perform regular PCI compliance assessments

Every now and then, hire a professional company to perform a PCI compliance assessment of your company. These professionals have the tools and skills to test all of your programs and policies to see just how compliant your company really is. If they find an issue (and they might), they will also work with you on the right solution to ensure you are PCI compliant. This is a great way to confirm that you’re doing everything correctly and an added measure to keep client information safe.

Train your employees

Sometimes your employees may not realize they’re breaking a PCI compliance law, which is why it’s essential that you train both new and current employees on the law and the correct procedures to ensure compliance. Make sure that your employees aren’t accepting credit card information via email and that they’re not storing it anywhere on their computer or on your network. The more informed your employees are, the better off your company will be.
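The two items above, not storing card data on your servers and making sure staff are not keeping it in email or on the network, are hard to verify by asking around. The following is an added example, not code from the original article: a small Python scanner that looks through text (exported mailboxes, shared-drive files, application logs) for digit sequences that pass the Luhn check used by payment card numbers, and reports only a masked form so the report itself does not become another copy of the data. The sample log lines are constructed for this example; the card numbers in them are the publicly documented Visa and American Express test numbers, and the log format is assumed.

```python
"""Scan text (log lines, exports, shared-drive files) for stored card numbers.

Added example for the 'don't store card data' and 'train employees' items;
the original article contains no code. Sample log lines below are constructed,
and the card numbers are the public Visa/Amex test numbers.
"""
import re
from typing import List, Tuple

# Candidate: 13-19 digits, optionally separated by single spaces or dashes,
# and not embedded inside a longer digit run (the lookarounds enforce that).
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return separator-free candidates from the text that pass Luhn."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def mask_pan(pan: str) -> str:
    """Keep only the first 6 and last 4 digits, the most a report should show."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_lines(text: str) -> List[Tuple[int, str]]:
    """(line number, masked PAN) for every hit, so findings can be reviewed
    and cleaned up without copying the full number anywhere."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for pan in find_pans(line):
            findings.append((no, mask_pan(pan)))
    return findings


# Constructed sample: a 16-digit order id that fails Luhn (not reported), a
# phone number (too short), and two card numbers typed into notes (reported).
SAMPLE_LOG = """\
2016-04-23 10:01:12 order=1234567890123456 status=paid
2016-04-23 10:02:44 note: customer emailed card 4111 1111 1111 1111 exp 12/19
2016-04-23 10:03:01 phone=555-123-4567
2016-04-23 10:05:30 refund card=378282246310005
"""

if __name__ == "__main__":
    for line_no, masked in scan_lines(SAMPLE_LOG):
        print(f"line {line_no}: possible stored card number {masked}")
```

Roughly one random digit string in ten passes Luhn, so every hit needs a human look before anyone deletes anything; the value of the scan is that it turns "we don't think we store card numbers" into a list of places to check. It is a detective control only: it finds data that has already been written down, which is exactly what the checklist says should not happen in the first place.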