What is PCI Compliance?
Due to growing concerns with credit card fraud and widely publicized security breaches involving cardholder data, the credit card industry established new standards called Payment Card Industry Data Security Standards (PCI DSS but often referred to as just PCI compliance).
These requirements cover a wide assortment of practices, technology, and systems and can be very complex to understand, let alone comply with. Primarily they relate to how your organization handles, stores and transmits cardholder data. Here are a few of the most important elements:
- Never store CVV2 data (the 3-digit code on the back of cards) or magnetic strip data
- If credit card numbers need to be stored or transmitted, they should generally be encrypted with at least 128-bit encryption.
- Restrict access to physical and electronic cardholder data with user specific passwords and based on business need-to-know.
More complete information on the PCI DSS can be found at www.pcisecuritystandards.org
Does this apply to my Camp?
Every organization that accepts credit cards is required to comply with PCI DSS, but the requirements for compliance can vary widely depending on the types of processing you do and the volume of credit card transactions processed. Merchants fall into one of four levels. Most camp programs fall into the lowest processing volume category (Level 4 with less than 20,000 credit card transactions per year), where the primary requirement is completion of a PCI self-assessment questionnaire and quarterly network scans. Currently there is no PCI mandated date for Level 4 merchant compliance.
Why is PCI compliance important to my organization?
Your camp program could be assessed substantial fines (as much as $500,000) if cardholder data is breached and your camp is not compliant.
Equally important is the simple need to protect your parents and their sensitive data they've entrusted to your organization.
How can EZ-CAMP2 help?
All of EZ-CAMP2's tools for credit card processing, including EZ-EFT, Insta-Charge, Click-to-Pay and WebLink, use PCI compliant methods for encrypting and securely transmitting credit card data, but we've provided even better security through our integration with our SafeSave Gateway™. This gateway allows EZ-CAMP2 to store parents' credit card (or bank account data) in a PCI certified hosting facility so that no sensitive data is stored on your computer or on EZ-CAMP2. A parent's record will just contain a "SafeSave™ ID" that uniquely identifies stored account data so that future transactions can be processed (via Insta-Charge, Click-to-Pay and EZ-EFT) without the need to re-enter any data. Eliminating the storage and sending of credit card data makes it much simpler for your organization to become certified as PCI Compliant.
Click here to learn more about EZ-CAMP2's Payment Processing Tools