All merchants, no matter how big or small, need to comply with the PCI standards if they're going to take credit cards, and that means they need to do a few things:
The network needs to be secure: there needs to be a firewall in place so that no one from the outside can (easily) break in and see the cardholder data being processed. When you set up a firewall, you also need to make sure that you don't keep the default passwords. This means that if you acquire a router with a default password, you need to change it to something stronger. Most would suggest using a password generator that creates a sequence of random numbers and letters.
It is equally important to encrypt cardholder data so that it cannot be read as it leaves your network and crosses public networks on the way to its destination.
All computers are vulnerable to viruses, so you need to make sure that your systems have a decent, up-to-date anti-virus program installed to protect against malicious software. You also need to make sure that your systems and applications are kept secure.
Everything should be need-to-know: information about cardholders should not be shared with anyone unless there is a genuine business need. You should also make sure that everyone who uses the computers has a unique ID, so that you know who had access at what time.
Monitoring and Testing:
All activity on the network needs to be monitored at all times, so that it is known who was doing what. On top of that, regular tests should be run to make sure that the network is still capable of fending off attacks and that nothing has been tampered with.
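As an added illustration of the unique-ID and monitoring points above (not code from the original article), here is a small Python review of constructed access-log lines that flags cardholder-data access by shared accounts, which cannot be tied to one person, and by users with no documented need-to-know. The log format, account names and authorised-user list are all assumptions.

```python
import re
from collections import namedtuple

# Constructed sample log lines (not from any real system): timestamp, user, action, resource.
SAMPLE_LOG = """\
2024-03-01T09:12:04Z user=alice action=read resource=cardholder_db
2024-03-01T09:15:30Z user=admin action=read resource=cardholder_db
2024-03-01T09:20:11Z user=bob action=read resource=inventory_db
2024-03-01T09:25:47Z user=bob action=read resource=cardholder_db
2024-03-01T10:02:00Z user=carol action=export resource=cardholder_db
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) resource=(?P<resource>\S+)$"
)

# Hypothetical policy: only these named individuals have a business need for cardholder data.
AUTHORISED_CHD_USERS = {"alice", "carol"}
# Generic account names that cannot be traced back to a single person.
SHARED_ACCOUNTS = {"admin", "root", "shared", "pos"}
# Resources that hold cardholder data (assumed name).
CHD_RESOURCES = {"cardholder_db"}

Finding = namedtuple("Finding", "ts user issue")


def parse_log(text):
    """Parse each well-formed log line into a dict; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def review_access(events):
    """Return findings for cardholder-data access that breaks the unique-ID or need-to-know rules."""
    findings = []
    for e in events:
        if e["resource"] not in CHD_RESOURCES:
            continue  # only cardholder-data resources are in scope here
        if e["user"] in SHARED_ACCOUNTS:
            findings.append(Finding(e["ts"], e["user"], "shared account used for cardholder data access"))
        elif e["user"] not in AUTHORISED_CHD_USERS:
            findings.append(Finding(e["ts"], e["user"], "no documented need-to-know for cardholder data"))
    return findings


if __name__ == "__main__":
    for f in review_access(parse_log(SAMPLE_LOG)):
        print(f"{f.ts} {f.user}: {f.issue}")
```

On the sample above the review reports the `admin` access (shared account) and `bob`'s read of the cardholder database (not on the authorised list), while `alice` and `carol` produce no findings.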
Make sure that everyone knows the security protocols, and write up a policy explaining how everything works and how everything is to be done. Make sure that your policy is in writing and that everyone has read it.
Those are the steps that need to be taken to ensure the security of cardholder information. It may seem like a lot, but when you think about it, you want the information kept secure, because you could end up losing money if it is leaked.