Here are my top PCI resources for small businesses, based on what your business needs help with.
As a cybersecurity professional and fellow small business owner, I understand the challenge of balancing PCI compliance with other responsibilities. When speaking to other small business owners, I often hear that PCI feels like a costly, legal burden. I think it’s helpful to reframe PCI compliance as another way that I provide value to my customers, as well as a way to protect my business.
Cyber threats to small businesses are on the rise, but by focusing on some key areas, you can strengthen your security posture and prevent threat actors from stealing your sensitive data.
SMB owners often don't know where to start and find the 12 requirements of PCI overwhelming. Here are my top resources that simplify the process and offer a foundational understanding:
Another stressor for most small business owners is budgeting for PCI compliance: how much to allocate, what costs exist in the industry, and how to become compliant on a strict budget.
Here are my top recommendations for content to read to understand PCI pricing better:
If you’ve already become PCI compliant in years past and want to simply maintain your compliance, there are a lot of great resources out there for what you should plan to do year-round.
I highly recommend starting with the SecurityMetrics PCI Compliance in A Year checklist if you want to break up compliance tasks into smaller, monthly responsibilities.
Here are my top recommendations for maintaining PCI compliance:
Frequently and adequately training yourself and your employees on PCI compliance is a key part of both increasing your security posture and meeting the compliance requirements.
I’ve found that not all PCI training is created equal, and some can be very costly, so here are my top (free) resources and trainings I suggest all SMB owners check out:
If you have an online shopping cart, you likely have heard of eskimming, one of the latest ways that threat actors attack small businesses to steal credit card information.
Here are the best resources for protecting your online shopping cart:
Looking for an ecommerce solution? Check out SecurityMetrics Shopping Cart Monitor.
If you’re looking for the end-all-be-all of PCI compliance resources, there’s nothing I suggest more than the SecurityMetrics PCI Guide. The 2025 PCI Guide includes insights, instructions, stats, stories, and more from SecurityMetrics experts who have worked with small businesses throughout the years and know exactly what they are facing.
The SecurityMetrics PCI Guide is updated yearly, so no vital piece of PCI compliance information is forgotten. You can get your 2025 PCI Guide here, at no cost.