PCI compliance — which requires retailers to meet certain data security requirements for credit card transactions — is a growing challenge for independent booksellers.
IndieCommerce and IndieLite members have the advantage of being able to leverage the technical expertise of the IndieCommerce team. To provide greater assistance, the IndieCommerce team is extending its knowledge to all ABA member booksellers. Stores can e-mail questions to firstname.lastname@example.org with the subject line “PCI compliance”; the IndieCommerce team’s resources are limited, but staff will do their best to shed light on stores’ troubles.
To be PCI compliant, booksellers are required to complete complicated forms, called Self-Assessment Questionnaires or SAQs, which are filled with technical jargon. Even selecting the correct SAQ to use can be difficult. Further, booksellers may find themselves obligated to make changes to their store networks, computers, or websites that can be difficult or impossible for a layperson. The consequences of failing in either area are monthly penalties from credit card processors and the possibility of being dropped entirely by a credit card processor.
Scanning vendors — the companies that handle paperwork and network scans to show PCI compliance — have recently been raising the bar for compliance. The reasons for this are in the news, with record data breaches at large companies repeatedly making headlines in the past year. Although data has leaked from major corporations, such as Target, Equifax, Yahoo, and others, it is small businesses with limited resources that are suffering.
The IndieCommerce team is available to help. Booksellers with questions about PCI compliance can contact email@example.com.