The Payment Card Industry Security Standards Council published new guidelines for secure payment devices and streamlined the assessment questionnaire small merchants must fill out to evaluate their network security.
The council maintains standards governing whether and how card data is stored and transmitted. If merchants do not comply with the standards and suffer a data breach, their acquirers face fines from the card companies.
The PIN Entry Device equipment approval listing, which the council published online Monday, spells out the security requirements for devices used to enter PINs at the point of sale. The listing also names the devices that meet its requirements.
Last week the council streamlined the process for small merchants to evaluate their level of compliance with the standards. Large merchants must undergo an audit to demonstrate their compliance; small merchants must simply fill out a questionnaire.
Bob Russo, the council's general manager, said in an interview Tuesday that the old questionnaire contained 215 questions and was too long for many small merchants to comprehend easily.
The new questionnaire comes in several versions tailored to the type of technology the merchant is using; each version contains fewer than 40 questions, he said.
"We didn't dumb it down," he said. "We geared it specifically to these types of merchants. You've got four very different types of questionnaires."
