PCI compliance rules are designed to ensure that credit card numbers are not kept on merchants' computers in a form that is easy to steal. That is a good thing: nobody likes having their credit card stolen, and fraud hurts everyone. However, compliance is expensive and complicated for everyone who accepts credit cards, online merchants in particular. Most business owners have no idea what they have to do to meet the PCI compliance requirements.
If you are confused about PCI compliance, Internet Retailer recently posted a good article on the topic. The best part of the article is this:
Don't hold data
PCI experts say one of the best ways for a retailer to reduce PCI compliance costs is to not hold cardholder data, because only retailer systems—networks, servers, databases and software—that hold cardholder data fall under PCI. No card data in a customer history database, for instance, means that database is excluded from PCI audit.
Seriously folks, most smaller businesses do not even require an audit if card numbers are not stored. Just pass the card information on to your payment gateway and let them store it. Most small and mid-sized businesses that do not store credit card numbers can achieve PCI compliance simply by filling out a self-assessment questionnaire.