New PCI SSC Payment Security Tool Helps Small Merchants
The Verizon Data Breach Investigations Report found that small businesses made up 61% of the organizations surveyed. These highly-targeted businesses often do not have the technical expertise on staff necessary to effectively thwart or manage security attacks.
PCI Payment Security Tool Purpose
To assist small merchants in fighting cybercrime, the PCI Security Standards Council (PCI SSC) recently announced the launch of the PCI Data Security Essentials Evaluation Tool, as well as updated educational resources.
The Data Security Essentials Evaluation Tool was created to help small business owners assess their payment security posture and protect their customers’ payment card data.
Born from the need to create a simpler way for small merchants to evaluate how they address critical security risks for their specific payment environment, the online tool and accompanying forms provide a preliminary evaluation of a small merchant’s security posture.
“Faced with rapid advancements in payment technologies, small merchants have to first select the right payment acceptance method to meet the needs of their customer and then have confidence that they, or more likely, their payment service provider are doing enough to protect their customer’s information,” said PCI Security Standards Council Chief Technology Officer Troy Leach. “This new evaluation tool provides small businesses with awareness of the most common, critical risks for their environments and the proper resources to address potential threats. Additionally, the PCI Data Security Essentials Resources provide the right questions to ask their payment partners to have a dialogue on payment security. That conversation can only improve a small business owner’s understanding of proper payment security.”
Updated PCI Educational Resources
Along with the evaluation tool launch was the introduction of updated PCI Data Security Essentials Resources for Small Merchants.
These resources provide a starting point for small businesses to understand how to protect themselves and their customers. They have been updated to address the current and evolving threats small merchants face.
The updated resources are available on PCI SSC’s Merchant Resource Page now:
- Guide to Safe Payments: Simple guidance for understanding the risk to small businesses, security basics to protect against payment data theft, and where to go for help.
- Common Payment Systems: Real-life visuals to help identify what type of payment system small businesses use, the kinds of risks associated with their system, and actions they can take to protect it.
- Questions to Ask Your Vendors: A list of the common vendors small businesses rely on and specific questions to ask them to make sure they are protecting customer payment data.
- Glossary of Payment and Information Security Terms: Easy-to-understand explanations of technical terms used in payment security.
- NEW! PCI Firewall Basics: A one-page infographic on firewall configuration basics.
PCI Small Merchant Taskforce
The PCI Small Merchant Taskforce, a cross-industry global consortium launched by the PCI Council in 2015, developed these educational materials to help small merchants protect payment card data from potential compromise.
“The PCI Small Merchant Taskforce is a collaborative effort to provide resources to help small merchants secure their payment card data,” said task force co-chair Michael Christodoulides. “From global payment security experts, to merchant associations and merchant banks working directly with small businesses, each member of the task force brings their own perspective and expertise to help small merchants address threats in an approachable and effective manner.”
PCI Compliance Help for Small Merchants
Sword & Shield Enterprise Security partners with you to provide PCI compliance help and to make protecting your small business against cybercrime easier. We take the burden off you by providing expert QSAs, security engineers, technical writers, and more to provide world class, competitively-priced PCI compliance services.
Contact us for a free consultation to get started!
Read our blog about making PCI Business as Usual to further protect your small business again security breaches.