I’m a small business that only processes a few credit card transactions a month. Do I need a firewall or will I not be PCI Compliant?

You want to protect your customers’ credit card data, obviously. Your firewall is the first line of defense on your network, no matter what type of internet service you are using. Some services from your local cable company or telephone company come as a “bundle” that includes a firewall/router combo. That’s fine for basic office usage and protection. However, when you are running a business and taking credit cards, you will want to actually log in to the firewall and make sure the settings line up with what your processor requires.

Your processor will check for things like making sure the firewall has a rule that denies ANY traffic using ANY service to ANY resource on your LAN. That rule means that all traffic is blocked from entering your business network. It also means that you need other, specific rules in place for items on your network that need to have communications open; those rules will be based on the application, resource, and port.

You will also need to develop policies, procedures, and training to completely wrap the processes. That way you have documentation of what you have done, what is in place, and what you will do to make sure things are secure for your business. Please see http://pcidsscompliance.net for a wealth of information regarding this topic.
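The deny ANY/ANY/ANY rule and the specific exceptions described above can be checked mechanically once the rules are copied out of the firewall. The following is an added example, not code from this page or from any firewall vendor: the Rule format, the first-match evaluation order, and the sample rule sets and addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

ANY = "ANY"

@dataclass(frozen=True)
class Rule:
    # Hypothetical, vendor-neutral shape for one inbound (internet -> LAN) rule.
    action: str        # "allow" or "deny"
    source: str        # address or ANY
    service: str       # e.g. "tcp/443", or ANY
    destination: str   # LAN host/resource, or ANY
    note: str = ""

def audit_inbound(rules):
    """Return findings for an inbound rule list evaluated first-match-wins (assumed)."""
    findings = []
    deny_all = [i for i, r in enumerate(rules) if r.action == "deny"
                and (r.source, r.service, r.destination) == (ANY, ANY, ANY)]
    if not deny_all:
        findings.append("no deny ANY/ANY/ANY rule: unmatched inbound traffic is not blocked")
        cutoff = len(rules)
    else:
        cutoff = deny_all[0]
        if cutoff != len(rules) - 1:
            # Anything listed after the deny-all can never match.
            findings.append(f"{len(rules) - 1 - cutoff} rule(s) after deny-all are never evaluated")
    for i, r in enumerate(rules[:cutoff]):
        if r.action != "allow":
            continue
        if r.service == ANY:
            findings.append(f"rule {i}: allow with ANY service, name the port ({r.note})")
        if r.destination == ANY:
            findings.append(f"rule {i}: allow to ANY LAN resource, name the host ({r.note})")
    return findings

# Constructed sample rule sets; addresses come from documentation/private ranges.
GOOD = [
    Rule("allow", "203.0.113.10", "tcp/443", "192.168.1.20", "payment application server"),
    Rule("deny", ANY, ANY, ANY, "default deny"),
]
BAD = [
    Rule("allow", ANY, ANY, "192.168.1.20", "remote support"),
    Rule("deny", ANY, ANY, ANY, "default deny"),
    Rule("allow", ANY, "tcp/3389", ANY, "added later"),
]

if __name__ == "__main__":
    for name, rule_set in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_inbound(rule_set) or "ok")
```

The findings list doubles as a starting point for the documentation of what is in place: each exception that passes should have a recorded application, resource, and port.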