PCI Free Blog

PCI Compliance is Essential Even For Low-Tech Merchants

PCI compliance is not required as a punishment for merchants, nor is it meant to add another tedious task to your list of responsibilities. The PCI DSS (Payment Card Industry Data Security Standard) was not developed to frustrate and confuse business owners and merchants or to make the day more stressful. It was developed because business owners and merchants simply are not concerned enough about data security. As I said, the idea isn’t to increase your stress level, but if your stress level with regard to data security is hovering near zero, then something is wrong.
You say you don’t even use a computer at your business and don’t store credit card numbers in paper or electronic format? Well, that’s great, in the sense that not having a computer network holding sensitive authentication data or other customer data that a cyber thief can steal does indeed greatly reduce your exposure to certain types of data theft. But does that mean you don’t have to bother with making sure your business is PCI compliant? Since your business records are all on paper, and you are very small anyway and don’t do a lot of credit card volume, you think you are protected by being too small to be noticed or targeted by a cyber criminal? Think again! Your very complacency and slight regard for the importance and necessity of the PCI DSS are what make you a prime target for data thieves.
It is a natural human tendency to focus only on the big stories we see on the news, where gigantic banks or other financial services companies are breached by teams of high-tech, criminally minded hackers. These types of huge breaches are perpetrated by super advanced computer programmers, usually in concert with others, and are carefully planned and timed for maximum effect. But the percentage of cyber criminals with that level of skill and the right contacts is infinitesimally small. The vast majority of cyber thieves are of average or below average skill and do not have the time, inclination or (as I mentioned) proper skills to orchestrate large-scale data theft. Just like the rest of us, the typical hacker is lazy (otherwise they might try their hand at an honest living), and your cute little mom-and-pop operation is just the right size and oh so much easier a target, especially if you aren’t PCI compliant.
PCI compliance is required for any merchant processing any credit cards, regardless of volume, but it also just makes good sense. See our home page for information on how you can protect your business by becoming PCI compliant. Best of all, it’s free!
