PCI Compliance. Do you know what it means — and how it affects you and your small staff association?

It’s an important — but often overlooked issue for associations. If you use a vendor that has achieved PCI Compliance, does it automatically mean your organization’s transactions are safe?

Unfortunately, no.

This is a “reprint” of a previous Splash blog post. As a friendly reminder, PCI Compliance is extremely important for small staff associations (and every association, really!) to ensure your financial transactions are secure.

PCI Compliance is really more about “security” than “compliance.” Yes, it’s a set of measures that merchants must adhere to, but it really is all about security.The security measures put forth by the Payment Card Industry apply to all organizations, regardless of size of number of transactions.

Unfortunately, just because the vendor you use is PCI Compliant doesn’t mean your organization is. It’s extremely important to be familiar with your merchant account agreement, which should discuss the security measures it has taken.

Home users and small businesses are generally the most susceptible to security breaches because their networks are not as well protected as larger organizations’. Many small businesses use “always on” broadband Internet connections, making it easy for intruders to exploit their connection.

Credit card companies can fine acquiring banks any amount between $5,000 and $100,000 at their discretion. Of course, the banks will filter the fine down until it hits merchants – and will likely also cancel their relationship with the offending merchant or, at the very least, increase transaction fees. These can be devastating to smaller organizations and businesses.

Any entity that accepts payment cards from American Express, Discover, JCB, MasterCard or Visa is required to adhere to stringent security measures. (However, that requirement is not law – it’s monitored by regulatory bodies.)

Choosing a compliant vendor is the first step in making sure your — and your members’ — credit card information is as secure as possible.

This is a “reprint” of a post originally published in September 2009. I know we have many new readers, so I wanted to share it with everyone again.

Technology can be intimidating. We understand that here at MemberClicks. And the less people you have on staff to manage your data, the more intimidating it can be.

But before you even start looking at vendors and developers, there’s one big question: custom solutions or software-as-a-service (SaaS).

Custom solutions involve hiring a developer (or team of developers) to put together a program or database to keep track of your information. Software-as-a-Service involves vendors or providers licensing a piece of software to your organization and often they house your data on their own servers. Many are contract-based or monthly-based.

For the sake of comparison, I’ve compiled a list of things small-staff associations should keep in mind regarding each option.

Updates

• Many SaaS vendors include updates free of charge or for a small fee. The upgrades are released to all customers, and don’t require a custom job for your organization.
• A custom software solution usually doesn’t include upgrades — and they have to be created from scratch. Getting a custom solution upgraded often entails more time and money than your organization may be willing to spend.

Compatibility

• SaaS functions “in the cloud” — that is, your organization’s data is based in the Web. If you upgrade your Windows or Mac software, you won’t have to upgrade your data management solution along with it.
• Custom solutions are often tailored for just one (or a few) versions of Windows or Macintosh. Every program has a life cycle, and when your Windows or Mac software expires, your custom program probably won’t be far behind.

Support

• Your SaaS vendor will probably be around for quite a long time — and often, support is included or very affordable.
• Who’s to say your custom developer will always be around? Technology changes, so make sure your developer is ready to keep up with your needs.

Cost

• Research, development, design — all are included with a SaaS vendor because they serve so many different organizations. The vendor will be able to give you the lowest possible quote thanks to economies of scale.
• Your organization will probably have to pay for the entire project from start to finish, including development and programming costs.

I’ve said it before and I’ll say it again: every organization’s needs are different. Having a custom solution developed for your organization may be the right option, but there are already so many SaaS vendors out there. Chances are, one of them will be the right fit for your organization.

Happy Friday! What a stressful week it’s been – but it’s the good kind of stress, which I far prefer over the bad kind of stress. (Who doesn’t?) I’m ready for a relaxing weekend (well, not that relaxing … I have a 5K on Sunday). Who’s got fun weekend plans with their families and friends?

And just in case you haven’t had quite enough association management reading material this week, let’s kick off the weekend with a few of the posts from the blogosphere that really stuck with me this week.

1. Tony Rossell had a great post about innovation through collaboration and why collaboration is so important for associations. He cites two great articles that support that point, and I think it’s something every association should be cognizant of. Of course, at small staff associations it may be easier to have the whole staff collaborate, but don’t forget how important it is!

2. Midcourse Corrections’ Dave Lutz shared a few great ways to make your conference irresistible. My favorite? “Solutions are the new location.” Conference attendees participate because they’re looking for something, whether they know what that something is or not. Often, they find a whole host of solutions that will help them streamline their business practices.

3. Have you seen the Young Association Professionals’ takeover of ASAE’s Acronym blog? If not, it’s definitely worth checking out those posts. Want to achieve something great? Fail! is my personal favorite. I fully believe that if you really want to be awesome and get stuff done, you’ve gotta try a few ways that don’t work first.

4. At the Hourglass Blog, Eric Lanke shared an insightful post about the sad paradox of board governance. The kicker: When the shareholders need the directors least, they get them most. And when they need them most, they get them least. Does this ring true for your small staff association? Why or why not?

5. They’re a necessary aspect of association management, and this week, the Zen and the Art of Nonprofit Technology had a great post about the good, the bad and the ugly of RFPs. The section on what makes a great RFP is my personal favorite. Tips include “do your homework” and “understand that implementation differs across software platforms.” So true!

From everyone at MemberCilcks, have a fantastic weekend!

Happy Friday! This day is off to a great start already, and I have a feeling this weekend is going to be fantastic! What are you excited about this day, week or month?

Of course, if you need some more association management reading material before the weekend really starts, we’ve got you covered. Here are a few of my favorite posts from around the community this week. Which posts stuck out to you?

1. Innovation has been a hot topic among association blogs now. But how often do you really make time for it in your association? It’s easy to get caught up among the daily activities of running an association. But, as Jamie Notter points out this week, innovation does matter. “Change is constant but innovation isn’t,” he points out. Great read.

2. In a guest post at the Acronym blog this week, Jeff De Cagna asked a question that seemed a bit confusing at first: Do you want to be one of the disruptors, or do you want to be among the disrupted? Much like the discussion of innovation, association leaders get comfortable. And when others (disruptors) come along, it can be difficult. Where is your association going to fall?

3. It’s never too late to set new resolutions or goals, and Pamela Grow shares 18 for the small nonprofit organization this week. This post is definitely worth a read for small staff association: learn to use e-mail efficiently, quit copying your peers and be authentic are among some of the gems.

4. David M. Patt shared an interesting post this week about what happens when Baby Boomers start retiring. Will new association leaders know how things used to be done? Will it matter? Should your association preserve its knowledge for future generations and members? Interesting food for thought…

5. Do you know how to use your association management software efficiently? Wes Trochlil points out how important it is to use a vendor that provides a high level of service. Often, that can make the difference when it comes to properly managing your database. “Product functionality alone will not guarantee success,” Wes writes. So, so true – which is why we believe that “one size” doesn’t fit all here.

Whatever your plans are this weekend, we at MemberClicks hope you have a great one!

PCI Compliance. Do you know what it means — and how it affects you and your small staff association?

It’s an important — but often overlooked issue for associations. If you use a vendor that has achieved PCI Compliance, does it automatically mean your organization’s transactions are safe?

Unfortunately, no.

PCI Compliance is really more about “security” than “compliance.” Yes, it’s a set of measures that merchants must adhere to, but it really is all about security.The security measures put forth by the Payment Card Industry apply to all organizations, regardless of size of number of transactions.

Unfortunately, just because the vendor you use is PCI Compliant doesn’t mean your organization is. It’s extremely important to be familiar with your merchant account agreement, which should discuss the security measures it has taken.

Home users and small businesses are generally the most susceptible to security breaches because their networks are not as well protected as larger organizations’. Many small businesses use “always on” broadband Internet connections, making it easy for intruders to exploit their connection.

Credit card companies can fine acquiring banks any amount between $5,000 and $100,000 at their discretion. Of course, the banks will filter the fine down until it hits merchants – and will likely also cancel their relationship with the offending merchant or, at the very least, increase transaction fees. These can be devastating to smaller organizations and businesses.

Any entity that accepts payment cards from American Express, Discover, JCB, MasterCard or Visa is required to adhere to stringent security measures. (However, that requirement is not law – it’s monitored by regulatory bodies.)

Choosing a compliant vendor is the first step in making sure your — and your members’ — credit card information is as secure as possible.