[itdiscuss] PCI DSS

Thompson, Ken Ken.Thompson at mtw.org
Wed Dec 10 19:38:21 EST 2008


Our bank - SunTrust - came out with an "edict" that we had to be in compliance or face fines (these are small, like $20.00 a month right now). But, the good thing is that they gave us tools and inexpensive steps to demonstrate "compliance". I put that in parenthesis because if you go to the PCI site and download the self assessment tool, it is ominous.

The company SunTrust uses has a short version of the ominous form found at the PCI site. It was very straight forward and has given us some good points to work on to improve how our donor data is handled. We're forming a task team to go through our work processes and find what needs to be improved.

The other part was that they scanned the IPs we use for online giving and we came out being in compliance as far as these scans.

It was not as painful as we thought it was going to be and we see that it will help us do some work internally to improve how we handle and manage our donors' credit card information.

Before our bank provided this solution, we started looking into this issue for ourselves. We found that even if we accepted just ONE credit card, we had to be PCI compliant. Whew, that made us nervous. But we had talked to one of our vendors, CDW, and received a quote from a company regarding scans. It was on the expensive side, so we've been relieved that our bank has provided a very workable solution and that in the end, all this will help us be better stewards of the resources God gives us.

Hope this helps!

Ken Thompson
IT Manager, Mission to the World

From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Julianna Hutchins
Sent: Wednesday, December 10, 2008 6:16 PM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] PCI DSS

Is this something new? We've used credit cards online for a while.

Do you have to pay for it and is there one place better than another for it?

Julianna Hutchins
IT Administrator
Sugar Hill United Methodist Church
4600 Nelson Brogdon Blvd
Sugar Hill, GA 30518
770-945-2845 ext 273
www.sugarhillumc.org
This message may contain confidential and/or proprietary information, and is intended for the person/entity to which it was originally addressed. Any use by others is strictly prohibited.


________________________________
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Ian Beyer
Sent: Wednesday, December 10, 2008 6:13 PM
To: IT Discussion Forum
Subject: Re: [itdiscuss] PCI DSS

It's only mandatory if you want to process credit cards. The penalties for non-compliance can be stiff, starting from getting your merchant account shut down, ranging up to stiff penalties. Check your merchant agreement for details.

Ian Beyer
Network Administrator
United Methodist Church of the Resurrection
13720 Roe Ave
Leawood KS 66224
http://www.cor.org
913-544-0288

From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Julianna Hutchins
Sent: Wednesday, December 10, 2008 5:02 PM
To: 'IT Discussion Forum'
Subject: [itdiscuss] PCI DSS

Has anyone heard of having to comply with the Payment Card Industry Data Security Standards (PCI DSS)? Is this mandatory? http://www.pcisecuritystandards.org/


Julianna Hutchins
IT Administrator
Sugar Hill United Methodist Church
4600 Nelson Brogdon Blvd
Sugar Hill, GA 30518
770-945-2845 ext 273
www.sugarhillumc.org
This message may contain confidential and/or proprietary information, and is intended for the person/entity to which it was originally addressed. Any use by others is strictly prohibited.


