Aug 15, 2017
Any online donation page or e-commerce platform that accepts personal card data is exposed to external threats. Attackers can infiltrate systems and steal user information, and other weaknesses can result in significant loss or corruption of information. To prevent incidents of lost or damaged personal card data, the Payment Card Industry (PCI) Security Standards Council established data security standards (DSS) in 2007 to protect both customers and merchants involved in the transactions. Failing to meet the requirements can leave an organization open to fines or other penalties. Organizations that comply with these standards when accepting donations made via credit card significantly reduce the risk of a data breach while enjoying improved efficiency, increased donations and reduced overhead costs.
Basics of PCI DSS Compliance
There are 12 major PCI DSS compliance requirements, and violating just one can result in an organization being deemed non-compliant and penalized. Each non-compliant incident exposes the organization to fines and to suspension or revocation of its card processing capabilities. Organizations are now investing time and money in PCI DSS compliance programs, deploying data security controls and following the council's guidelines.
A few straightforward questions help an organization determine what PCI DSS requires of it in order to secure its handling of customer card information. Once that information is in hand, the initial compliance effort typically can take up to a year to complete, and compliance remains an ongoing process as new technologies become available in response to evolving attack techniques.
The Payment Card Industry Security Standards Council has established penalties and consequences for non-compliant organizations. Each security breach can cost an organization up to $500,000, and written notification must be sent to every victim whose information has been compromised so they are aware of potential fraudulent charges on their cards. The organization must then recover all lost information, which can greatly increase the total cost per incident.