PCI (Payment Card Industry) security standard compliance can be daunting and prohibitively costly for small and medium sized businesses. Choosing between payment processing systems  to get the best deal is difficult enough, and weighing in how well they meet PCI standards and assist merchants with compliance complicates the matter further, not to mention the added challenges of addressing security concerns that arise from doing a portion of business with an online credit card processor . And the ever more sophisticated tactics of thieves constantly prove that compliance in-and-of itself isn’t always sufficient to keep customers and merchants safe from fraud.

With all this difficulty, it can be helpful to have a few specific security priorities to emphasize, beyond simple compliance with PCI and online credit card processor standards, to stay focused on prioritizing security. A merchant that accepts card-not-present purchases via an online payment gateway as well as face-to-face payment should be most concerned with identifying and protecting cardholder data that his or her business controls. In the best, most secure scenario, a merchant will not store any cardholder data.

However, in the event that one or more of a merchant’s various system components do store data, it is best to focus on a few specific weak points in the communication chain and ensure that they are as protected as possible. PCI standards emphasize protecting the physical security of card readers, point of sale systems, store network computers, and wireless routers. It is also important to use encryption technology – which should be supplied by the company that serves as a merchant’s online credit card processor – and unique passwords to protect: computers that may store payment data; the transmission of payment data, especially if done wirelessly, from point of sale machines to the central merchant account computer; and access to the store’s wireless router.

PCI directs business owners to conduct self-assessments to see where their security is the weakest, but this can be difficult without expert assistance. Going through PCI’s suggestions with regard to the above components, which represent attractive and often vulnerable targets for fraud, and getting consultation from a merchant’s point of sale and online credit card payment processor is an efficient way to improve customer data security beyond the levels mandated by the PCI.