Splash: Refreshment For Your Small-Staff Organization

Securing your payment processing

Posted on : 03-02-2011 | By : Shannon Otto | In : vendor management

PCI Compliance. Do you know what it means — and how it affects you and your small staff association?

It’s an important but often overlooked issue for associations. If you use a vendor that has achieved PCI Compliance, does it automatically mean your organization’s transactions are safe?

Unfortunately, no.

PCI Compliance is really more about “security” than “compliance.” Yes, it’s a set of measures that merchants must adhere to, but it really is all about security. The security measures put forth by the Payment Card Industry apply to all organizations, regardless of size or number of transactions.

Unfortunately, just because the vendor you use is PCI Compliant doesn’t mean your organization is. It’s extremely important to be familiar with your merchant account agreement, which should discuss the security measures it has taken.

Home users and small businesses are generally the most susceptible to security breaches because their networks are not as well protected as larger organizations’. Many small businesses use “always on” broadband Internet connections, making it easy for intruders to exploit their connection.

Credit card companies can fine acquiring banks any amount between $5,000 and $100,000 at their discretion. Of course, the banks will filter the fine down until it hits merchants – and will likely also cancel their relationship with the offending merchant or, at the very least, increase transaction fees. These can be devastating to smaller organizations and businesses.

Any entity that accepts payment cards from American Express, Discover, JCB, MasterCard or Visa is required to adhere to stringent security measures. (However, that requirement is not law – it’s monitored by regulatory bodies.)

Choosing a compliant vendor is the first step in making sure your — and your members’ — credit card information is as secure as possible.

Payment processing: It’s all about security

Posted on : 04-05-2010 | By : Shannon Otto | In : technology, vendor management

PCI Compliance. It’s an important but often overlooked issue for associations. If you use a vendor that has achieved PCI Compliance, does it automatically mean your organization’s transactions are safe?

Unfortunately, no.

PCI Compliance is really more about “security” than “compliance.” Yes, it’s a set of measures that merchants must adhere to, but it really is all about security.

The security measures put forth by the Payment Card Industry apply to all organizations, regardless of size or number of transactions.

Unfortunately, just because the vendor you use is PCI Compliant doesn’t mean your organization is. It’s extremely important to be familiar with your merchant account agreement, which should discuss the security measures it has taken.

Home users and small businesses are generally the most susceptible to security breaches because their networks are not as well protected as larger organizations’. Many small businesses use “always on” broadband Internet connections, making it easy for intruders to exploit their connection.

Credit card companies can fine acquiring banks any amount between $5,000 and $100,000 at their discretion. Of course, the banks will filter the fine down until it hits merchants – and will likely also cancel their relationship with the offending merchant or, at the very least, increase transaction fees. These can be devastating to smaller organizations and businesses.

Yes, I’ve written a bit in the past about PCI Compliance, but we take security standards very seriously here. Any entity that accepts payment cards from American Express, Discover, JCB, MasterCard or Visa is required to adhere to stringent security measures. (However, that requirement is not law – it’s monitored by regulatory bodies.)

Choosing a compliant vendor is the first step in making sure your — and your members’ — credit card information is as secure as possible.

How to keep your financial information secure

Posted on : 16-03-2010 | By : Shannon Otto | In : dues, resources, technology

When it comes to your members’ financial information, you really can never be too careful. And with so many technology options for associations out there, it’s difficult to know how to start narrowing down your list.

However, there is one common characteristic every vendor you’re considering should have: PCI Compliance.

Choosing a vendor that has met all six standards for PCI Compliance is the safest way to ensure that all financial information that goes through your database remains as secure as possible.

What does it mean, exactly, to be PCI Compliant? Payment Card Industry Compliance requires vendors to meet six standards:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

There’s no way to be partially compliant; it’s an all-or-nothing deal.

How did PCI Compliance come about?

Basically, the major credit card companies all agreed on the above set of standards, and they have the power to fine vendors or organizations who aren’t compliant. If your technology vendor isn’t compliant, neither is your organization.

We want to encourage every organization to consider PCI Compliance when choosing a vendor. Even if MemberClicks isn’t the right fit for your organization, it’s crucial to protect your and your members’ financial information by choosing a secure vendor.

For more information on PCI Compliance, click here.

Is your members’ credit card information secure?

Posted on : 19-10-2009 | By : Shannon Otto | In : resources, technology, vendor management

Imagine this: You get a call from your credit card company to confirm some unusual activity on your card. But you haven’t gone on any major shopping sprees lately, and you’re certainly not out of the country.

You’ve just been a victim of credit card theft, and now some phantom thief has put his face to your name and is racking up charges.

Credit card theft is not as uncommon as you might think. In 2008 alone, 10 million people were affected (which is a 22 percent increase from 2007).* At least two people close to me have experienced identity theft in the past few years, and I would be surprised if you don’t know someone who has also been affected.

But maybe it’s not your credit card that was compromised. Maybe, as an association staff member, it’s your members whose identities are at risk. Now what? You or your member(s) will spend an average of 600 hours each recovering from the crime. It can take years to fully recover all damages from identity theft.**

What’s one easy way to take action to protect you — and your members — from credit card fraud?

Choose PCI Compliant vendors.

MemberClicks is proud to be a PCI Compliant vendor for all our payment processing services. But no matter which association management software you use, it’s crucial to choose one that has taken the most precautions to protect your and your members’ information.

In order to be certified as PCI Compliant, a vendor that handles credit card transactions must meet six requirements:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

As of Oct. 13, the Identity Theft Resource Center reports 403 data breaches this year. Credit card theft doesn’t just occur if someone steals your card. Anytime you enter your credit card number online, you’re at risk — especially if the vendor you’re working with is not PCI Compliant.

Some background on PCI Compliance…

The Payment Card Industry Security Standards Council was founded in 2006 by the five major credit card companies: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Its mission is to enhance payment account data security and it promotes the security standards set in place by each company. Basically, the security standards call for all companies to process, store and transmit credit card information in a secure environment.

If your vendor isn’t PCI Compliant, your organization won’t be either. And if your organization is not compliant, you could face fines from the credit card companies or even the suspension of your ability to accept credit card payments.

PCI isn’t technically a law. It’s a set of security standards that the five major credit companies want businesses and vendors to meet in order to keep their customers’ data secure. However, some states do already have laws in place that force components of the security standards to be met.

Here’s a great set of frequently asked questions about PCI Compliance. No matter which vendors you work with, be sure to take PCI Compliance into account when choosing one that will handle your and your members’ credit card information.

* Source: Javelin Strategy and Research Center
** Source: Identity Theft Resource Center