The Payment Card Industry Data Security Standard was created by credit card companies to keep customers payment card data secure. The 12 requirements will help you protect your customers from every conceivable angle in person and online. If you process, store, or transmit credit card information, you need to be PCI Compliant.
According to PCI Security Standards Council, small businesses are prime targets for data thieves. Home users are most vulnerable as their network is usually not protected. It's not enough to have a SSL Certificate on your website.
If customer's data is stolen, you could receive fines, penalties, and possibly lose the ability to accept credit cards. That will hurt your business as well as be an awkward conversation to have with a customer on why you cannot accept credit cards.
Start with the Self- Assessment Questionnaire. Your business size will dictate if you need additional technology. There is an ongoing 3 step process every 90 days to Assess, Remediate, and Report. In the first step, you look at your set ups and search for vulnerabilities. Second, you address the vulnerabilities. Finally, you create a report and send it to acquiring banks and card brands.
Technology is evolving and so are criminals. As determined as you are to make it, so are thieves. This is their livelihood. While this may seem inconvenient, imagine having your credit card information stolen. This is for your customers to feel safe with you. If they feel safe, they'll do more business with you.