
Small businesses rarely have the time or inclination to spend any more time satisfying PCI compliance requirements than necessary. They are often looking for shortcuts to complete this process as quickly as possible in order to get back to valuable business activities. Fortunately, the PCI Security Standards Council (SSC) has released a new set of tools for this purpose, which is specifically designed for small businesses and PCI self-assessments.

PCI Data Security Essentials & Self-Assessment Questionnaire

The PCI SSC manages the PCI Data Security Standard (PCI DSS), which consists of 12 requirements that it has developed into the PCI Self-Assessment Questionnaire (SAQ). Each requirement includes multiple directives that businesses can use to assess their payment card security policies and procedures.

Small business owners can become frustrated and discouraged after reading the full PCI assessment. The process of selecting the right questionnaire is complex. There can be a long list of questions that are difficult to answer even when the merchant selects the right questionnaire. Nevertheless, completing the PCI SAQ is a requirement for merchants who want to take credit card payments.

However, the DSE questionnaires focus on changes with the greatest impact on a merchant’s PCI security. They function similarly to traditional PCI SAQs, except they contain fewer questions. Furthermore, the questions have a larger number of answer options that are relevant to small businesses, helping these merchants to better understand their risks and the methods to mitigate them.

WHY SMALL BUSINESSES SHOULD CONSIDER THE PCI DATA SECURITY ESSENTIALS TOOLKIT

Members of the PCI Council’s Small Merchant Taskforce have worked hard to develop the Data Security Essentials (DSE) toolkit, which will help small merchants comply with PCI DSS. The primary challenge of this task is that these businesses often have PCI security postures that are just as complex as those of larger merchants that process far more credit card payments. This complexity stems from a combination of factors such as the growing number of payment methods and a lack of technical expertise on the part of small businesses.

WHAT IS THE PCI TASKFORCE’S ROLE IN HELPING SMALL BUSINESS MERCHANTS?

The taskforce’s ultimate objective with the DSE toolkit is to improve the security posture of small businesses, rather than merely increasing PCI compliance. This goal drove the development of a platform that helps small businesses determine the questionnaire they need to complete before getting started. It includes fewer requirements than previous tools by focusing on high-impact requirements and uses simpler terminology. The DSE toolkit also provides highly targeted cybersecurity resources that allow low-level merchants to understand and reduce their risk.

The taskforce released its first set of cybersecurity resources for small businesses in July 2016 and has continued to simplify the security and compliance process for this type of merchant. It also released an evaluation tool in August 2018, which improves on the previous DSE toolkit. This latest version provides the shortcut to PCI compliance that small businesses have been waiting for, along with information to help them improve their security posture.

Small Business Advantages to PCI Self-Assessment Questionnaires

The Data Security Essentials questionnaire chart below shows a comparison between the DSE questionnaire and PCI SAQs. The most obvious difference between the two types of questionnaires is the significant reduction in the number of questions for the DSE questionnaires as compared to the corresponding PCI SAQ. Furthermore, there aren’t any DSE questionnaires for merchant types 8 and 11 because these merchants use processing methods that the DSE can’t validate.

DATA SECURITY ESSENTIALS (DSE) QUESTIONNAIRES

| DSE Questionnaire | No. of Requirements | Scan Required? | Related PCI SAQ/No. of Requirements |
|---|---|---|---|
| Type 1 | 14 | | SAQ B/38 |
| Type 2 | 14 | | SAQ B/38 |
| Type 3 | 39 | Yes | SAQ B-IP/64, SAQ C/116, SAQ D/245 |
| Type 4 | 39 | Yes | SAQ C/116, SAQ D/245 |
| Type 5 | 39 | Yes | SAQ C/116, SAQ D/245 |
| Type 6 | 39 | Yes | SAQ C/116, SAQ D/245 |
| Type 7 | 39 | Yes | SAQ C/116, SAQ D/245 |
| Type 9 | 13 | | SAQ A/22 |
| Type 10 | 27 | Yes | SAQ A-EP/149 |
| Type 12 | 20 | | SAQ C/116, SAQ D/245 |
| Type 13 | 21 | No | SAQ C/116, SAQ D/245 |
| Type 14 | 26 | Yes | SAQ C-VT/64 |
| Type 15 | 15 | | P2PE/24 |

SOURCE: https://www.pcicomplianceguide.org

THE IMPORTANCE OF PCI COMPLIANCE FOR SMALL BUSINESSES

Merchants must receive approval from their merchant bank before they can validate their PCI compliance with the DSE. However, those merchants are considered PCI compliant once they complete the appropriate DSE questionnaire, although they may still be required to pass Approved Scanning Vendor (ASV) scans at regular intervals.

Increased PCI compliance from merchants reduces the risk for independent sales organizations (ISOs) and acquirers that have those merchants in their portfolios. Payment facilitators also realize the benefit of greater security when they enroll sub-merchants in a PCI program that uses DSE questionnaires. The DSE questionnaires are already available through PCI compliance vendors.

Your Professional Compliance Partner

I.S. Partners, LLC. can help compile and ensure that your PCI compliance documentation remains in order. We can also help your organization develop security policies and training procedures. Contact us online or call 215-675-1400 to learn more about how we can help your company stay PCI compliant.
