CYBER SENTINELS
Author: Hunter Holcombe
October 2007
Technophiles
For as long as people have been using money, they’ve had to worry about other people trying to steal it from them. From pirates to bank robbers to subway pickpockets, the existence of currency has spawned an infinitely diverse range of plots for taking it away.
Now, with the Internet era of online shopping, eBay and even online meeting registration, a generation of techno-pirates is learning how to hack into online databases and steal valuable personal information. From bank account information to credit card and social security numbers, identity theft has become a major problem (at a cost of more than $50 billion to U.S. businesses annually), and meeting planners, as keepers of sensitive registration data, find they have a serious responsibility on their hands.
“For a meeting planner, security is really important,” says Jonathan Dodson, chief information officer of Certain Software, a leading online registration service. “Because, right now, simply having information about someone is a risk in and of itself.”
In an effort to combat the growing problem of financial data thievery and identity theft, major financial institution associations like VISA, MasterCard and American Express banded together to form the Payment Card Industry (PCI) Security Standards Council, which in 2006 created a common set of standards for processing and transmitting payment information.
A merchant’s required level of security depends on how many transactions they handle annually and—as a company handling millions of transactions for a multitude of clients—Certain Software operates at PCI Level 1 compliance, the highest level possible. Not only does this standard mandate that client login and password information automatically expire, but stringent audits and on-site inspections by a Qualified Security Assessor ensure the registration management service provider is up to snuff.
According to Dodson, not all online registration services have this level of security. Some companies, he says, will promote themselves as PCI compliant, but are only operating at levels II or III. It’s important, then, that meeting planners verify that whoever is handling their clients’ transactions is operating at PCI Level 1. Do this by requesting a summary of the Report on Compliance directly from your registration service.
And as if your clients’ or company’s security were not cause enough for concern, there’s another compelling reason to make sure your registration service is functioning at PCI Level 1. “If you are noncompliant, some merchant banks will stop accepting your charges,” Dodson says. If this unsavory event occurred, you would then have to deal with late payments, change your registration provider and recontact registrants to sheepishly ask them to pay again. As the old saying now goes, “Better safe than at fault for online identity theft.” certain.com



