It is in your best interests to maintain being PCI Compliant in order to reduce risk of a data breach which may lead to the compromise of sensitive cardholder information. We'll explain basic concepts of PCI and why being PCI compliant in your day-to-day operations is important for your business protection.
Merchants that do not comply with PCI DSS may be subject to fines, card replacement costs, costly forensic audits, brand damage, etc., should a breach event occur. For a little upfront effort and cost to comply with PCI, you greatly help reduce your risk from facing these extremely unpleasant and costly consequences.
You would have to complete Self-Assessment Questionnaire (SAQ). SAQ consists of 60-100 questions that will help you understand correct PCI processes on intuitive level. For example:
“Are hardcopy materials cross-cut shredded, incinerated, or pulped so that cardholder data cannot be reconstructed?”
At its core, this question tells you how hardcopy materials are supposed to be disposed of in a PCI compliant way. Each question provides clarification and guidance as well as helps create internal processes for merchant’s employees.
You would also need to complete vulnerability scans every 4 months along with completing the SAQ. Pivotal Payments’ Online Interactive portal partners up with qualified security assessors that were approved by the card associations to run these scans. The Qualified Security Assessor (QSA) runs the scan and detects any possible ports of intrusion, and creates a report on compliance. All this is done in order to safeguard against data breaches that could expose sensitive information.
PCI Security Standards Council has a few valid suggestions on their website. They summarized it pretty well.
Many breaches are preventable; they still tend to be unsophisticated and can be repelled with strong, basic defenses. Start with vulnerability scanning, but think about adding network penetration testing as soon as possible. If you have developed Web applications this is even more critical.