Business, Self Assessing Your PCI Compliance


by ANDY ELIASON - Date: 2008-04-25 - Word Count: 688

PCI compliance is one of the most important factors in earning consumer confidence, and it is a requirement developed by the major card brands to help protect cardholder data. As commerce in today's fast-paced business environment continues to rely more and more on electronic transactions, whether online or off, reliable security will only become more important.

Any merchant that processes, stores, or transmits sensitive credit card information is required to achieve PCI compliance. In other words, a merchant must adhere to the PCI DSS (Payment Card Industry Data Security Standard) if it intends to accept credit cards. This standardized set of requirements consists of 12 high-level requirements, which break down into more than 200 individual measures and controls.

The unfortunate corollary here is that PCI compliance is not a simple or quick process. There is a steep learning curve, and it is a time consuming endeavor.

Some companies or merchants likely have already completed certain aspects of PCI compliance. Many requirements of the PCI DSS are, after all, common sense. (Which is why it can be so distressing that many merchants still fail to implement those common sense measures.) And other companies may still have a very long road ahead of them.

But how do you know where you stand? How do you know how large the gap is between you and compliance? How can you be sure that you won't be just re-doing many procedures that you might have already sufficiently taken care of?

To help companies along those lines, the Payment Card Industry Security Standards Council has developed the PCI SAQ (Payment Card Industry Self Assessment Questionnaire). This is a validation tool designed to help merchants evaluate their PCI compliance and keep records of their compliance activities.

Originally, the PCI SAQ had a sort of one-size-fits-all design, but more recently it has been adapted to fit a more individualized approach. These new versions of the SAQ (there are five of them) were designed to address different scenarios depending on how your company stores, processes, or transmits cardholder data.

For example, the largest merchants are required to undergo an on-site data-security assessment by a qualified assessor, while smaller merchants that process fewer transactions validate with a self-assessment instead. Which SAQ applies depends on how cardholder data is handled, not on volume alone: the shortest form, SAQ A, is reserved for card-not-present merchants who have outsourced all storage, processing, and transmission of cardholder data to a compliant third party and never handle it themselves.

Your self assessment, and PCI compliance in general, will be further improved by employing a few general tips, strategies, and practices.

The first step is to stop storing any cardholder data you do not absolutely need. It should go without saying (yet here I am saying it) that a criminal cannot steal what is not there in the first place. Every system that never sees card data also drops out of the scope of your assessment, so eliminating unnecessary data makes you less of a target and shrinks the environment you have to defend. Sensitive authentication data, meaning full magnetic-stripe contents, the card verification code, and PINs, may never be stored after authorization, even in encrypted form.

Which brings us to the next point. Some cardholder data must be kept for legal or record-keeping purposes. That data should be identified, isolated from the rest of the network, and kept in a controlled, protected, centralized system, with the stored account number rendered unreadable (for example, by strong encryption or truncation). Keeping it in one well-defined place also makes it far easier, if a breach does occur, to trace which systems were exposed and where the controls failed.
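Both tips start with the same question: where is card data actually sitting in your environment? Practitioners answer it with a cardholder-data discovery scan of logs, exports, and databases. The scanner below is an added example written for this page; it is not code from the article, from Main10, or from Braintree. The file names and log lines are constructed sample input, and the numbers in them are well-known card-brand test numbers, not real accounts.

```python
"""Cardholder-data discovery: find stored PANs before self-assessing.

Added example, not from the original article. Sample inputs are constructed.
"""
import re
from dataclasses import dataclass

# Candidate PAN: 13 to 19 digits, optionally split by spaces or dashes,
# not preceded or followed by another digit. This deliberately over-matches;
# the Luhn check below removes most order numbers and timestamps.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check that every major card brand's PAN must satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """PCI DSS masking rule: show at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    source: str     # file (or table) the PAN was found in
    line_no: int    # 1-based line within that source
    masked: str     # masked PAN, safe to put in a scoping report


def find_pans(source: str, text: str) -> list[Finding]:
    """Scan one text source and return every Luhn-valid PAN, masked."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                findings.append(Finding(source, line_no, mask_pan(digits)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of source name -> contents (constructed here for the example)."""
    out = []
    for name, text in files.items():
        out.extend(find_pans(name, text))
    return out


# Constructed sample data. The 13-digit order id fails Luhn and is ignored;
# the DEBUG line with a real-looking PAN is exactly the kind of leak to find.
SAMPLE_FILES = {
    "logs/app.log": (
        "2008-04-25 10:01:02 INFO order=1234567890123 status=ok\n"
        "2008-04-25 10:01:03 DEBUG charge pan=4111111111111111 amount=19.99\n"
        "2008-04-25 10:01:04 DEBUG charge pan=4111111111111112 amount=5.00\n"
    ),
    "exports/orders.csv": (
        "order,card,exp\n"
        "1001,5555 5555 5555 4444,12/09\n"
        "1002,3782-822463-10005,06/10\n"
    ),
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.source}:{f.line_no}: {f.masked}")
```

Run against real logs and exports, the scanner reports only masked values, so the report itself does not become another copy of cardholder data. Every hit is either data you can stop storing (the debug log) or data that must move into the isolated, protected store described above.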

PCI compliance can be a time consuming, costly endeavor, but by approaching the process methodically and consistently, you can start to ease some of the inherent burden.

The final question, then, is how much of a burden is it really? Complex? Yes. Resource intensive? Certainly. But is it a burden?

The way to answer this question is to analyze what, exactly, you can expect from failure to reach compliance. That analysis is not complex at all. You can expect severe fines, the possibility of losing the ability to accept credit cards at all, and, worst of all, the destruction of your reputation.

PCI compliance is necessary and required for long term success in our modern business world, and a structured self assessment is a great way to get started.

Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about PCI compliance, or the PCI Self Assessment Questionnaire, visit Braintree Payment Solutions today.


Related Tags: data security, pci compliance, pci dss, pci saq, self assessment questionnaire, saq a, validation tool


© The article above is copyrighted by its author. You're allowed to distribute this work according to the Creative Commons Attribution-NoDerivs license.