How PCI compliance standards impact the events industry
Recent high-profile cyber breaches have made more customers aware of how their credit card details are stored, managed and transmitted during events and meetings. The PCI Data Security Standard (PCI DSS) helps to minimize the risk for consumers by setting a baseline that every company handling cardholder data is expected to meet.
For the many event planners and meeting organizers who deal with financial transactions, demonstrating PCI compliance will help reassure your customers that you value their security and can be trusted with their credit card and other personal information.
In this article we will answer some of the most common questions we receive from professional event planners when it comes to PCI compliance.
What is PCI compliance?
The Payment Card Industry Security Standards Council (PCI SSC) was founded in 2006 by the five major payment card brands (American Express, Discover, JCB, MasterCard and Visa) to develop and maintain security standards for payment card data and to educate the public and the business world about them. The best known of those standards is the PCI Data Security Standard (PCI DSS).
The council does not enforce the standards. Enforcement is the role of the card brands and of the acquiring banks that contract with merchants, which is why penalties and validation deadlines can differ from one acquirer to another. By defining the standard and serving as the public face of payment card security, the council has raised the baseline for online sales and financial transactions across the industry.
Event planners can describe themselves as PCI compliant once they meet the requirements of PCI DSS and have validated that, either by completing the Self-Assessment Questionnaire (SAQ) that matches how they handle card data or, for larger merchants, through an assessment by a Qualified Security Assessor (QSA).
What are the benefits of being PCI compliant?
If credit card processing is part of your business – indeed, if you deal with any personal consumer data – then security should always be the highest priority. The benefits of PCI compliance are numerous for event planners, and include:
- When attendees know you are PCI compliant, they have assurance that their card details are handled to a recognized industry baseline and that they can trust you with personal information. Trust equals confidence equals loyal clients.
- You’ll improve your overall reputation with partners across the meeting and events industry.
- Once you’re PCI compliant, you’re better prepared to meet other regulations and compliance regimes when they emerge in your country.
What are the difficulties posed by PCI non-compliance?
As an event planner, you may be tempted to ignore the whole issue of PCI compliance, or leave it to the IT department. However, ignoring the problem does not remove you, the event planner, from responsibility. More consumers, vendors, meeting management organizations and event planners are raising their standards and becoming more proactive on this front.
Consider the consequences in this example. If you are transmitting credit card numbers in a spreadsheet to a hotel, sensitive card data is exposed at many levels:
- From your events team having access to those numbers
- To electronic theft while your files are in transit or stored on email servers
- To the vendor collecting the data and processing it into their systems.
Just from this one example, you can see the multiple points at which someone can steal your data. The practice also breaks PCI DSS directly: Requirement 4 prohibits sending unprotected primary account numbers (PANs) by end-user messaging technologies such as email, instant messaging, SMS or chat, and Requirement 3 prohibits storing sensitive authentication data (the CVV/CVC security code, full magnetic stripe data or PIN) at all after authorization, so a spreadsheet that captures the security code alongside the card number is non-compliant the moment it is saved.
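The first step in fixing the spreadsheet problem is finding out where card numbers already sit in your files and mailboxes. As an added example that is not code from the original article or from any EventsAir product, the following Python script does what a simple data-loss check would: it scans every cell of a registration export for runs of 13 to 19 digits, confirms candidates with the Luhn check digit that all card brands use (so booking references and phone numbers are not reported), and reports each hit truncated to the first six and last four digits, which is the most PCI DSS v3.2.1 Requirement 3.3 allows to be displayed. The CSV rows, column names and card numbers are all constructed for this illustration; the two PANs are the publicly known test numbers that pass the Luhn check.

```python
import csv
import io
import re

# Constructed registration export (not real attendee data). The card column is
# exactly the kind of data the text says should never travel in a spreadsheet.
# The PANs are the publicly known test numbers 4111111111111111 and
# 5500000000000004; the booking reference in row 4 is 16 digits but fails Luhn.
SAMPLE_CSV = """name,card,phone,note
A. Attendee,4111 1111 1111 1111,0412 345 678,VIP table
B. Attendee,5500-0000-0000-0004,0413 111 222,
C. Attendee,,0414 999 888,booking ref 1234567890123456
"""

# A PAN candidate is 13 to 19 digits, optionally separated by spaces or
# hyphens, and not embedded inside a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation, as used on every payment card PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid PANs found in text, with separators stripped."""
    pans = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_ok(digits):
            pans.append(digits)
    return pans


def mask_pan(pan: str) -> str:
    """Truncate a PAN to first six and last four digits for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_csv(csv_text: str) -> list[tuple[int, str, str]]:
    """Scan every cell of a CSV; report (row number, column, masked PAN)
    for each cell that holds a Luhn-valid card number."""
    hits = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_no, row in enumerate(reader, start=2):   # row 1 is the header
        for column, value in row.items():
            for pan in find_pans(value or ""):
                hits.append((row_no, column, mask_pan(pan)))
    return hits


if __name__ == "__main__":
    for row_no, column, masked in scan_csv(SAMPLE_CSV):
        print(f"row {row_no}, column {column!r}: {masked}")
```

Run against the sample, the script reports the card column in rows 2 and 3 only; the phone numbers are too short to be candidates and the 16-digit booking reference fails the Luhn check. Pointing the same scan at exported mailboxes or a shared drive is a quick way to establish whether cardholder data is already outside your payment provider's environment, which is the question an assessor will ask when scoping your PCI DSS validation.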
Overall, you do not want to be the source of a credit card data breach, which can have a major impact on your reputation and your business. The consequences can range from legal action, card brand fines passed down through your acquirer, forensic investigation costs and disgruntled clients, through to serious liability issues and even losing the ability to accept credit cards at all.
Do all companies need to be PCI compliant?
Any business that accepts credit cards as a form of payment, regardless of the size of those payments or how many you handle, must comply with PCI DSS. What changes with volume is how you validate compliance: the card brands assign merchants to levels by annual transaction count, and smaller merchants typically validate with an annual Self-Assessment Questionnaire while the largest (Level 1) undergo an annual on-site assessment by a Qualified Security Assessor.
If you’re not PCI compliant, you’re exposing yourself (and your clients and attendees) to the unnecessary risk of costly attacks and data breaches.
What are the PCI compliance requirements in Australia, the UK and USA?
PCI DSS is organized into 12 requirements, which in version 3.2.1 read as follows:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Protect all systems against malware and regularly update antivirus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
These requirements are the same across all regions, including Australia, the UK and the USA, because PCI DSS is a single global standard. What differs from region to region is enforcement: the card brands and acquiring banks set the validation deadlines and penalties, and they do not all apply them the same way.
The safest course will always be to work with an event tech partner who demonstrates the highest standards of PCI compliance with their software, so that card data never enters your own systems. Be aware that outsourcing reduces your obligations rather than removing them: a merchant whose payment handling is fully outsourced still completes the relevant Self-Assessment Questionnaire (SAQ A for fully outsourced e-commerce) and remains responsible for using a compliant provider.
How can you ensure secure processes are in place?
There are many things you can do to protect your business and maintain secure processes for your event clients and attendees:
- Make sure all your registration data is protected to PCI DSS levels. Note that the current version of the standard is PCI DSS v4.0, published in March 2022; v3.2.1 was retired on 31 March 2024. "Level 1" is not a version of the standard but the highest merchant or service provider level, which requires an annual on-site assessment by a Qualified Security Assessor and quarterly external vulnerability scans by an Approved Scanning Vendor to validate compliance
- Train your staff to protect their passwords and online identities
- Be sure to communicate all new processes to your vendors, staff and clients.
Critically, always ensure you are working with an event tech partner, like EventsAir, who understands the full scope of PCI compliance. The solution itself should process any credit card data in a PCI DSS compliant environment, and ideally it also stores the rest of your attendee data in the same PCI DSS Level 1 assessed environment. PCI DSS only mandates this for cardholder data, so extending the same controls to all attendee data goes beyond the standard and provides significant additional protection for you as the event organizer.
How can we help you with PCI compliance for your next event?
At EventsAir, we understand the importance of selecting the right event technology partner. We maintain a strong commitment to adhering to the PCI standards, and we are continually innovating new and better ways to keep credit card data secure and protected.
We have one simple mission: to help event planners deliver effortless events with the world’s most comprehensive event management technology.
Reach out to request a demo, and one of our team members will be in touch shortly.