I don't process a lot of credit card transactions. Am I still subject to PCI requirements?
All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store, collect or transmit payment card holder data. PCI SSC is responsible for managing the security standards while each individual payment brand is responsible for managing and enforcing compliance to these standards. For questions regarding compliance validation requirements and deadlines as well as compliance reporting requirements, it is recommended that you contact your Merchant Acquirer (credit card processor).
For more information regarding the PCI security standards and supporting documentation, including the "Navigating the PCI DSS" as well as targeted Self Assessment Questionnaires to assist small and medium merchants, please visit the PCI SSC website at: www.pcisecuritystandards.org.