Compliance with card security programs is essential when accepting card payments. One of the first steps for a merchant of any size is to define their Merchant Level and the associated PCI compliance actions. Scope of work ranges from completing PCI Self-Assessment Questionnaire to engaging a QSA (Qualified Security Assessor) and undergo audits to validate compliance.
See http://usa.visa.com/merchants/risk_management/cisp_merchants.html
