To make sure this is the case, we can’t think of PCI as a one-and-done deal. We have to reinforce the issue throughout the complete merchant lifecycle. Below are three convenient occasions when you can bring up the PCI compliance process and PCI compliance assessments with your merchants--keeping them compliant and their customers safe.
Remind the merchant that they must complete a PCI compliance assessment. Reiterate that the way they handle transactions is crucially important. If they have a computer-based point-of-sale system, make sure they know how important it is that they secure their network. If they’re going to be using a terminal, tell them they should never write down complete credit card numbers or keep receipts where someone could see or steal them.
And right before you leave, you should remind them that although they may be PCI compliant today, if they’re not cautious, a single mistake could make them non-compliant. And that mistake would be expensive.
And you should talk about PCI in every edition. It doesn’t have to be the main topic, but you should always bring up data security in some way, shape or form.
Fix their problem first, of course, but then ask them how they’re doing more generally. Catch up with them for a few minutes, and see if their situation has changed or if they need something that you can help with--a new product perhaps.