What No One Tells You About PCI Compliance
Let’s face it. Credit cards are a normal part of everyday life for most individuals and businesses today, and adhering to PCI compliance should be a part of your association’s business processes as well. In the nonprofit community, organizations typically accept credit cards from their members for dues, donations, events, orders, training sessions, and so on. Further, associations and their foundations are in the difficult position of having to stay afloat on a revenue stream that depends on a steady flow of donations as well as sustaining members.
Unlike a strictly commercial entity, they must strike a precarious balance between keeping private financial information confidential and being transparent about who is donating and how much.
This is one reason why the right database software is so crucial in helping nonprofits meet and maintain their donor and member security goals. The linchpin of that security is typically the Payment Card Industry Data Security Standard (PCI DSS). The PCI standard is technical as well as procedural, breaking down all the necessary components of cardholder data security into key areas:
Build and Maintain a Secure Network
The standard enforces configuration requirements such as firewalls as well as the most crucial network security practices, such as password protection. For example, vendor-supplied defaults for system passwords are not acceptable.
Protect Cardholder Data
Cardholder data must be kept private by the most secure means available, in a secure vault or PCI-compliant database, and any transmission of such data across public networks requires effective encryption.
Maintain a Vulnerability Management Program
Regularly maintained and updated anti-virus programs are essential, and any software, custom or third-party, that interfaces with cardholder data must protect it to the highest standards.
Implement Strong Access Control Measures
Because personnel are often the most vulnerable point of attack for data intrusion, access must be controlled with the strongest measures in system-level security, sensitive-data policies, and training. Access must be granted on a need-to-know basis and protected with both system permissions/access controls and physical security such as RFID.
Regularly Monitor and Test Networks
All of the measures listed above require effective monitoring and regular testing of security processes.
Maintain an Information Security Policy
All security procedures must be effectively maintained, documented, and understood by personnel. In short, the donors and members of nonprofit causes deserve the peace of mind of knowing that their financial data is safe.
We have worked with hundreds of organizations that use our drafting tool, AutoDraft, and have taken the necessary steps to ensure the compliance of members’ and donors’ valuable financial data. If you would like to talk to us about our experience with databases and PCI compliance, contact us to learn more. Until next time, keep SmartThoughts in mind.