Does our small shop need PCI-DSS?
Anyone accepting card payments falls under PCI-DSS, including SMEs. In practice your acquirer (CCV, Worldline, Adyen) does most of the work when you use their terminals directly. Your part is: never write down card numbers, never lend out the terminal, and complete the annual SAQ (Self-Assessment Questionnaire).
Try this first
1. Ask your acquirer which SAQ applies to you.
2. Complete the SAQ yearly and keep the confirmation.
3. Never store card numbers in spreadsheets, email or CRM.
4. Train staff on tampering: any odd-looking terminal gets reported.
When to bring us in
If in doubt, or after a breach: notify your acquirer immediately and (for personal data) the Dutch DPA within 72 hours.
See also
- Lightspeed Retail or K-Series? Retail is for SKU-driven shops with e-commerce, K-Series is for hospitality.
- Is MplusKASSA right for my shop? Dutch vendor, strong for multi-store retail with solid accounting integration.
- Cloud POS or local only? Cloud needs reliable internet plus 4G failover, local-only loses multi-store sync.