If your organization accepts credit cards, you are required to comply with PCI-DSS (Payment Card Industry Data Security Standards). This can seem ominous, so here are some tips to help you.
First of all, do your best not to handle any credit card numbers if you can help it. For example, if you use a shopping cart such as 1AutomationWiz and you never handle any credit cards in person, then your PCI compliance is much easier. In this example, if the number of cards you process is small enough that you can use a self assessment questionnaire, the number of questions you need to answer drops from 224 to just 15 questions—a huge simplification of the amount of work you need to do to become PCI-DSS compliant!
Before you invest a lot of time making your organization PCI–DSS compliant, first take time to simplify how you accept and process credit cards. You may find that changing some of your business practices, without causing more work for you or inconveniencing your customers, can make PCI compliance even easier.
For example, at one time, I sold books and CD learning kits in the back of the room while speaking. I’ve stopped doing that now to simplify meeting PCI-DSS regulations. If I ever decide to accept credit cards again at events, my compliance will be more complicated.
Have you changed your business processes to be more PCI compliant?
Please post your comments on this blog.