Organizations managing meetings and events on the web become responsible for properly managing the data they collect from participants, attendees, speakers, sponsors, and the likes. Providing robust privacy and security policies, processes, and technology is key in order to gain customer trust and guarantee regulatory compliance. Certain Software was a pioneer in driving the adoption of the highest level of privacy and security throughout the online registration process. Since 2004, Certain has been Visa Cardholder Information Security Program (Visa CISP) compliant, which eventually became the template for the Payment Card Industry standard. For 3 years in a row now, Certain has achieved PCI Service Provider Level 1 compliance. This is the highest level in the industry, and requires an annual on-site audit by a PCI approved Quality Security Assessor.
“Security and Privacy are a critical issues for our customers and our business,” says Jonathan Dodson, CIO of Certain Software. “Achieving PCI Service Provider Level 1 means that we have chosen to comply and be audited against one of the highest international security and privacy standards.” As a meeting planner, choosing an audited PCI compliant vendor is crucial to success. Not only are there various penalties associated with using a non-PCI compliant vendor, but gateway access can also be terminated by Credit Card companies if the payment gateway isn’t compliant. The most important aspect of using a PCI compliant vendor though, is providing a safeguard for customer data. “The best reason to choose a PCI compliant vendor is to protect your event registrants,” says Dodson. “If customer identity and business references are important to you than you must protect them at all costs.”
To read more, consider the following resources on our web site:
- Serious e-Commerce Calls For More Than Just a Security Blanket (white paper)
- Security Issues in Meetings Technology (presentation)
- 4 Essentials for Making Websites Access to All (white paper)
