Tool and resources to help small merchants improve payment card data security

Get a copy of the upcoming book "Secure Operations Technology"

Small merchants continue to be a primary target for cybercriminals. According to the Verizon Data Breach Investigations Report, 61% of breached organizations surveyed were small businesses.

These highly-targeted businesses often do not have the technical knowledge needed to effectively manage security against these attacks – which is why the PCI Security Standards Council launched updated educational resources and a new tool aimed at helping small business owners protect their customer’s payment card data.

improve payment card data security

The PCI Data Security Essentials Evaluation Tool was born from the need to create a simpler way for small merchants to evaluate how they are addressing critical security risks for their specific payment environment. This online tool and accompanying evaluation forms provide a preliminary evaluation of a small merchant’s security posture.

“Faced with rapid advancements in payment technologies, small merchants have to first select the right payment acceptance method to meet the needs of their customer and then have confidence that they, or more likely, their payment service provider are doing enough to protect their customer’s information,” said PCI Security Standards Council Chief Technology Officer Troy Leach. “This new evaluation tool provides small businesses with awareness of the most common, critical risks for their environments and the proper resources to address potential threats. Additionally, the PCI Data Security Essentials Resources provide the right questions to ask their payment partners to have a dialogue on payment security. That conversation can only improve a small business owner’s understanding of proper payment security.”

Also launching are updated versions of the PCI Data Security Essentials Resources for Small Merchants. These resources provide easy-to-use information as a starting point for small businesses to understand how to protect themselves and their customers and have been updated to address the current and evolving threats small merchants face.

The PCI Small Merchant Taskforce, a global, cross-industry consortium launched by the Council in 2015, developed these educational materials to help small merchants protect payment card data from potential compromise.

“The PCI Small Merchant Taskforce is a collaborative effort to provide resources to help small merchants secure their payment card data,” said Barclaycard Third Party Risk Manager, Payment Security Product Michael Christodoulides, who’s co-chairing the taskforce. “From global payment security experts, to merchant associations and merchant banks working directly with small businesses, each member of the taskforce brings their own perspective and expertise to help small merchants address threats in an approachable and effective manner.”

These resources are available on PCI SSC’s Merchant Resource Page:

  • Guide to Safe Payments – Simple guidance for understanding the risk to small businesses, security basics to protect against payment data theft, and where to go for help.
  • Common Payment Systems – Real-life visuals to help identify what type of payment system small businesses use, the kinds of risks associated with their system, and actions they can take to protect it.
  • Questions to Ask Your Vendors – A list of the common vendors small businesses rely on and specific questions to ask them to make sure they are protecting customer payment data.
  • Glossary of Payment and Information Security Terms – Easy-to-understand explanations of technical terms used in payment security.
  • PCI Firewall Basics – A one-page infographic on firewall configuration basics.
  • Data Security Essentials Evaluation Tool – An online tool with accompanying evaluation forms which provides a way for merchants conduct a preliminary evaluation of their security posture.