At‑a‑Glance: PCI DSS applies to anyone who accepts cards. Shrink your scope with EMV, P2PE, and tokenization, then complete the right SAQ with good network hygiene.
Scope First, Then Checklists
- Use EMV/NFC devices that never expose the primary account number (PAN) to your systems.
- Tokenize card data; never store raw card numbers.
- Segment guest Wi‑Fi from POS networks; change default passwords.
SAQs in Plain English
- SAQ A: ecommerce with hosted pages only.
- SAQ B‑IP: standalone P2PE terminals.
- SAQ C/SAQ C‑VT: POS systems or virtual terminals.
- Your mix may vary by location, so don't copy‑paste last year's SAQ.
Everyday Habits That Keep You Safe
- Timely software updates and device checks.
- Least‑privilege user permissions; remove ex‑employees immediately.
- Incident playbook: who to call, what to capture, how to communicate.
MPG PCI Toolkit
- SAQ guidance and reminders by location.
- Approved signage/receipts for dual pricing to keep wording compliant.
- US‑based support for audits and escalations.
FAQ
Do small businesses really get audited? You’re responsible regardless of size. The good news: with the right setup, the SAQ is short and straightforward.
Will PCI slow down checkout? Properly configured devices and networks actually speed things up and reduce rekeying.
