Neil - my bank sent an insert in my last statement with a referral
to a specific company that handles the compliance certification
(there are several; they said you could use any, but not knowing
anything about any of them I used the one they recommended). You have
to “enroll” first, then complete the appropriate questionnaire. I
enrolled by phone, since as a sole proprietorship using an
old-fashioned knuckle buster card machine I was not fitting any of their
So they enrolled me by phone, helping figure out which set of
questions I qualified for; I gather this varies by what machine you
use, how you store and use data, number of employees, dollar volume,
etc. They are interested in what types of security you should have.
Since I do not take CC on the web, don’t store any CC data on
computers, and don’t have an electronic CC machine, I got the
"short" questionnaire - which they e-mailed to me.
Then you answer the questions on how you handle data security, etc.,
and they grade you, and you pass or revise your policies until you
Which struck me as pretty worthless, since you could, of course, put
in the answers they wanted whether they had anything to do with
reality or not!
Having been a victim of identity theft myself I am VERY careful
about how I handle other people’s CC info! Although that said, in my
setup who would access it - my cats and dog???
Anyway, it did not take long - phone call and questionnaire together
maybe 15 minutes? They said if you don’t do this you will be charged
a non-compliance fee monthly; size of fee based on your average
monthly CC sales. At my low (gosh - wish that was different!) rate
it would run about $10/month they thought; but that means in 3 months
I would already pay more than the about $25 compliance fee…so
financially worth doing for me.
Would be interested in hearing from others.
Three Cats and a Dog Design Studio