Partner Corner: Three Steps to PCI Compliance

By: Jim Irish

How to ensure your payment data is secure.

Challenge: How can we ensure our association remains Payment Card Industry Data Security Standard (PCI DSS) compliant?

Solution: Organizations that accept payment cards must protect cardholder data, and for good reason. According to Trustwave, a data-security company, a payment-data compromise can result in fines of up to $500,000 per card brand, per incident. Note that PCI DSS is not a government regulation; it is a standard that the card brands enforce through your merchant agreement, so the consequences of non-compliance come from the brands and your acquirer, not a regulator. Do you have practices in place that help you both achieve and maintain compliance with PCI DSS? Here are three steps to take:

  1. Assess your situation. Complete the Self-Assessment Questionnaire (SAQ), a validation tool for evaluating your own PCI DSS compliance. There are several SAQ types, and the one you use depends on how you accept cards (for example, whether a third party hosts the payment page or your own systems touch cardholder data), so start by mapping where card data enters, flows through and is stored in your environment. Merchants with the highest transaction volumes are not eligible for self-assessment and must have a Qualified Security Assessor produce a Report on Compliance instead. The SAQs are available online at www.pcisecuritystandards.org.
  2. Remediate your environment. Identify your vulnerabilities and reduce your exposure to costly data breaches. This includes everything from technical flaws in software code to unsafe practices in how your association processes or stores cardholder data, such as keeping full card numbers in spreadsheets, e-mail or paper files. The most reliable remediation is to shrink the scope: the fewer systems and people that handle cardholder data, the fewer controls you have to implement and prove.
  3. Be diligent. PCI DSS compliance is a continual process, not a one-time certificate. Self-assessment is repeated annually, required network vulnerability scans are quarterly, and any change to how you take payments can change which requirements apply to you. Stay on top of how you protect your members' information.

Compliance is critical for associations of any size. When searching for your credit card processor, verify that every prospect is a validated PCI DSS compliant service provider under the current version of the standard published by the PCI Security Standards Council, and ask for evidence of that validation rather than taking it on faith. Keep in mind that using a compliant processor reduces your scope but does not remove your own obligation to comply. More information on PCI compliance can be found at www.pcisecuritystandards.org.

Jim Irish is a territory manager for proactive sales with Chase Paymentech, the ASAE-endorsed credit-card processing solution for associations. Email: [email protected]