By De-de Mulligan on 2/18/20 7:04 AM
Payment Card Industry Data Security Standard (PCI DSS) is a global credit card processing standard that is designed for one purpose only – to ensure your guests' payment data stays secure through the entire payment cycle.
Formulated by the PCI Security Standards Council, the PCI DSS applies to any organizations—or events—that store, process or transmit cardholder data.
Even if you run a small association with minimal credit card transactions, your organization may still be obligated to comply with the standards.
PCI DSS Levels
According to PCISecurityStandards.org, service providers are segmented into one or two levels based on the number of credit card transactions that occur in twelve months.
- Level 1: over 300,000
- Level 2: under 300,000
Level 2 providers fill out a self-assessment questionnaire about their protection methods.
The PCI Security Standards Council is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.
Level 1 Providers Require More
Level 1 companies must complete an external assessment by an approved Qualified Security Assessor (QSA).
QSA companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS.
In addition to an in-person security audit, Level 1 companies must also be scanned monthly for vulnerabilities and have an internal and external penetration test performed against their networks, according to Security Metrics.
At the end of the audit, the Assessor produces a Report on Compliance (RoC).
Level 1 is the highest level of credit card oversight. The security standard encompasses hundreds of requirements organized into 12 main areas, including but not limited to, firewalls, encryption, passwords, anti-virus, patching, access, and much more.
Finally, each Level 1 company is provided an Attestation of Compliance.
What it Could Mean for Your Event
Inherently, if a hacker takes your attendees’ credit card information, it may lead to unwanted charges, identity theft or sale of their data on the dark web.
How would a data breach of all an association's members’ credit cards and contact information fair for that association or their annual event? It could be potentially devastating.
According to PCI, noncompliance may result in:
- Loss of customers and sales
- Fines, penalties and legal costs
- Termination of your ability to accept credit cards
The Measures that Maritz Global Events is Taking to Protect Your Data
Whether meeting participants are registering for a conference months ahead of time or are walk-in attendees onsite at the event, we offer seamless and secure bookings and payment options.
Maritz Global Events' programmers have custom coded a double encryption protection into every transaction that occurs from our onsite environments.
Our entire IT department is continually evaluating and implementing better cybersecurity measures for our organization.
We’ve also expanded our cybersecurity team to include experts with experience from the DOD and other government high-security environments.
Data breaches are serious business. We work hard to protect our clients’ information every step of the way through better security hardening, processes and systems. We are also honored to say we have had a stellar PCI audit for the last ten years.
Editor’s Note: Maritz Global Events is not a professional security and privacy consultancy firm; therefore, we recommend and encourage all customers to seek their expert advice for PCI DSS compliance concerns.
De-de Mulligan is the President and Chief Content Strategist for Mulligan Management Group. As a former meeting planner who has received Ohio MPI’s Planner of the Year award twice (2006 & 2012), she brings a unique perspective to these blog posts.