In 2006, growing concern over online credit card security and other issues saw the formation of the PCI Security Standards Council. Their mission was to increase credit card security by setting standards of credit card practices and educating both the public and the business world of these standards.
Founded by American Express, Discover, JCB International, MasterCard and Visa, the council doesn’t enforce standards – they are enforced by each individual financial institution. However, by raising awareness, defining standards and serving as the public face of the issues surrounding credit card security, the council has dramatically improved security in all areas of online sales and financial transactions.
While some meeting organizers do not deal with financial transactions, many do. Over the years, more and more customers having been voicing concern over how their credit card details are stored, managed and transmitted during the course of meetings and events.
Recent surveys, including one from the Ponemon Institute, are showing that credit card breaches in the United States are growing exponentially, with the number of reported breaches almost doubling from 2013 to 2014. This trend is expected to continue for the short term.
How does that affect the meetings industry? Credit card processing is a big part of our business, and security should always be the highest priority.
Trevor Gardiner, CEO of Centium Software, has been developing and publishing technology solutions for the meetings industry since the late 1980s, and he has seen the evolution of credit card security issues from before the Internet hit the scene in the mid-1990s.
“Our company has been working with meeting planners all over the world.” Trevor said. “We were among the very first registration companies to create a seamless integration with the Internet, and have seen first-hand how credit card security interplays with the registration process.”
“Securing and protecting credit card data has always been an important challenge for the meetings industry.” Trevor continued. “We have always maintained a strong commitment to adhering to the PCI standards, and we are continually innovating new and better ways to keep credit card data secure and protected.”
In the latest evolution of their registration technology, EventsAIR®, Centium Software takes extra steps to protect the security of event attendees’ sensitive credit card data. In EventsAIR, where the organizer is required to record credit card details for accommodation room guarantees, all credit card data is encrypted and stored in a highly secure credit card vault and Centium has extended secure processes to new tools such as the Hotel Portal.
“The Hotel Portal is another example of how we eliminate the number of hands dealing with hotel and financial transactions.” Trevor said. “Via the Hotel Portal, meeting planners can give each hotel vendor access to export rooming lists and securely access credit card guarantee details. The Portal removes the need for continual exports of hotel details from the meeting planner to the hotel vendor, and sensitive and private details are continuously protected.”
Ignoring the problem does not remove you, the meeting planner, from responsibility in the matter. More and more consumers, vendors and meeting management organizations are stepping up their standards in an effort to be more proactive in this front. Consider the consequences! If you are transmitting credit card numbers in a spreadsheet to a hotel for example, sensitive card data is exposed at many levels:
- From your meetings team, having access to those numbers
- To electronic theft while your files are in transit or stored on email servers
- To the vendor collecting the data and processing it into their systems
The list shown above illustrates the many ways a thief can steal your secure data! You do not want to be a source of a credit card data breach, which can have a major impact on your business. From liability issues to being banned from accepting credit cards completely!
Klaus Petrat, Chief Technology Officer at Centium Software, noted that when meeting with his clients, the topic of general data security looms large for their organizations. “Customers are not only concerned about credit card data security, but security of all other event data. The recent hacking of the Linux Conference registration system, where thousands of attendee’s personal data may have been compromised, serves as a clear reminder that maintaining a heightened awareness of security is critical.” Klaus said.
“For EventsAIR customers, not only is any credit card data processed in a PCI compliant environment, but all attendee data is also stored in a PCI Level 1 certified environment,” Klaus continued. “This provides significant protection for the event organizers and is a far more secure solution that just protecting credit card data.”
“People often forget some of the simple steps to limit risk and take reasonable precautions during your meeting management tasks, such as using strong passwords, keeping virus protection up-to-date and keeping your staff (and contractors) informed about avoiding phishing emails and protecting identities.” Klaus added.
In 2014, PCI DSS announced their newest standards, PCI Version 3. These new tough standards raised the bar on how merchants, credit card processors, gateways and most other businesses accept, process and store credit card data.
These tough new standards protect our entire industry in many ways. From our hotel partners and event vendors to our online registration tools, everyone is facing the challenge of creating new processes for a new level of security.
Fortunately for our industry, things are getting better. Almost all registration technology vendors are addressing this issue by assuring that their technology meets the standards set forth by PCI Security Standards Council.
There are many things you can do to protect your business and maintain secure processes for your meeting clients and attendees:
- Make sure all your registration data is protected to PCI compliance levels. Remember, the highest standard for 2015 is PCI Version 3, Level 1 and only Level 1 compliance requires an annual onsite audit and quarterly scan to confirm compliance
- Train your staff to protect their passwords and online identities
- Be sure to communicate all new processes to your vendors, staff and clients
For more information on PCI compliance standards, you can visit many websites, including: