GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Visa and Mastercard at 50: Evolving in evolving market

Patti Murphy


Industry Update

Major Visa, MasterCard settlement voided: Now what?

PCI SSC unveils new tools for small, midsize merchants

Denmark's Nets, BOKIS piloting digital wallet

UK joins backlash against interchange


GS Advisory Board:
The state of mobile today - Part 1

The art of shopping cart conversion

Cliff Teston

Payment technology timeline


Merging lanes on the POS road map

Dale S. Laszig
DSL Direct LLC

Fraud in the payment system: What - me worry?

Brandes Elitch
CrossCheck Inc.

Deaf to new product introductions?

Steven Feldshuh
Merchants' Choice Payment Solutions East


Street SmartsSM:
Time to treat MLSs right

John Tucker
1st Capital Loans LLC

Contract management in the paperless age

Adam Atlas
Attorney at Law

How and why to pursue ISVs

Kelly Cullum
SUR Technology Holdings LLC

Company Profile

New Products

Web-based statement analysis, CRM platform

Clientvine LLC

Flexible, EMV-ready mobile payment solution

Castles Technology Co. Ltd.


Are achievers born or made?


Letter from the editors

Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

July 24, 2016  •  Issue 16:07:02

previous next

PCI SSC unveils new tools for small, midsize merchants

The PCI Security Standards Council (PCI SSC) launched a new set of resources July 7, 2016, specifically designed for small business owners. The global forum, based in Wakefield, Mass., best known for establishing the PCI Data Security Standard (PCI DSS), is also responsible for developing, managing and broadening awareness of PCI DSS and payment data security best practices.

To stem the growing tide of cyberattacks against small and midsize merchants, the council formed a Small Merchant Taskforce to identify vulnerabilities in small business payment systems and create targeted solutions to help business owners protect and secure cardholder data.

Some of the PCI DSS guidelines contain complex, technical terms and legalese that can be difficult for small merchants to comprehend. PCI SSC General Manager Stephen Orfei saw a need for clear guidelines written in accessible language with graphical displays to illustrate key points.

"The market has been in desperate need of easy-to-understand payment security resources for small businesses," he said. "Working with a global, cross-industry taskforce representing merchants, banks, merchant associations, technology and service providers, and other small merchant partners, we're pleased to provide practical guidance to small businesses on how they can start protecting themselves against cybercriminals."

"Most small businesses have never heard of the PCI Data Security Standard, let alone read it," added Troy Leach, PCI SSC Chief Technology Officer. "If they did read it they probably would need a background in both information security and payment processing to best understand the requirements."

Printed, online resources

The newly published Guide to Safe Payments can be found on the PCI SSC website; printed versions are also available. Banks and processors can download, brand and distribute the reference guide to their small business customers. The council has published additional insights, including Focusing on the Fundamentals: Payment Protection Resources for Small Businesses in their PCI Perspectives blog site.

Following are highlights of the small merchant series documentation:

Taskforce co-chair David Matthews, General Counsel for the National Restaurant Association has seen considerable risk of data breaches among small restaurateurs. The new guidelines provide best practices and tools that can help small and midsize restaurants protect against cyberattacks, he said. "We specifically ask those working directly with the small business community to use these resources to educate companies on ways they can improve their security while simplifying their responsibility, so they can focus on other aspects of their business," he added.

A work in progress

The Small Merchant Taskforce plans to continually update and promote the small merchant payment protection resources, especially in the growing ecommerce sector, where additional tools and guidelines are needed, Leach stated. He pointed out that many small merchants rely on financial institutions, processors and third-party vendors for guidance on credit card processing; he urged these partners to include security in the dialog.

Leach also noted that education is a critical first step in protecting small businesses from data breaches. "As an industry, if we can help these companies understand their risk, security basics to protect against data theft, and where to go for help, we'll have made a substantial shift in cardholder data security for the entire payments ecosystem," he said.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio | Board Studios, Inc.