Do You Take Credit Cards? Are You Prepared for PCI DSS? May 14, 2010

Posted by charitysolutions in charities, charity computers, charity database, charity IT, General, PCI DSS, Uncategorized.

Does your charity accept donations or payment via credit cards? If so, you will probably already know all about PCI DSS. But if you don’t, you will need to – VERY SOON!

If you store, process or transmit any cardholder data, electronically or manually, then your organisation needs to comply with the Payment Card Industry Data Security Standard (PCI DSS), and prove it, by 1st September this year. If your organisation doesn’t comply, you run the risk of a massive fine.

PCI DSS is a comprehensive set of requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, in order to ensure the broad adoption of consistent data security measures on a global basis.

It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures – all designed to help proactively protect customer account data.

Its requirements range from rules about what cardholder data you can and cannot store to the levels of security your organisation and its systems network must meet.

It is important to realise that it covers your entire trading environment, including all third-party partners that store, process or transmit data for you as part of your credit card payment process. Third parties include:

  • Resellers
  • Till vendors
  • EPOS vendors
  • Software application providers
  • Payment service providers
  • Payment processing bureaux
  • Data storage providers
  • Web hosting providers
  • Shopping cart providers
  • Software vendors

You can’t just assume that your website host or any other third-party organisation you use will deal with this. The buck stops with you: you will need to make sure that all your providers, facilities and software comply before you can achieve compliance yourself.

More to follow soon ….
