Payment Card Industry Data Security Standard (PCI-DSS) Deadlines Comin
Payment Card Industry Data Security Standard (PCI-DSS) deadlines are upon
us. Just yesterday (6/1/09), NATA
News ran a story on this topic. Here's the bottom line: If
you accept Visa, MasterCard, American Express, or Discover cards ("consumer
cards"), the PCI compliance requirement applies to you.
Becoming PCI compliant is not just a matter of finding the right processing
company and software for credit card processing. Your organization
must also attest to its overall compliance. Otherwise, you risk the
loss of your ability to process consumer cards as well as the possibility
of fines in the event of a security breach at your company.
So what is this attestation? It depends on how you process consumer cards:
- If you process consumer cards by imprint (on paper) or using a dial-up
machine, you can use the PCI's "simplified" Self-Assessment Questionnaire
B – 13 pages, 26 requirements / questions. You cannot
store card numbers for recurring charges electronically, and you must
have tight controls over any card numbers stored on paper (think vault). You
must also have and maintain an information security policy.
- If you process through computer systems developed internally or through
software that stores card data on an internal computer (as with TotalFBO® or FBO
Manager®), you must use Self-Assessment Questionnaire D – 31
pages, 222 requirements / questions. For small to medium organizations,
the requirements in SAQ D are nearly impossible to meet -- even if
your software itself complies.
- If you’re processing consumer cards online through MyFBO.com,
you can use Self-Assessment Questionnaire C. While SAQ C is 16
pages with 41 requirements, the MyFBO.com PCI Compliance Pathway walks
you through each requirement. Most requirements are met by the
MyFBO.com software with a certified credit card vault. For other
requirements like maintaining an information security policy, MyFBO.com
provides draft documents for your use. In other areas, MyFBO.com
lays out the actions you need to take in plain English. We
make PCI Compliance easy.
Of course, helping you comply with Payment Card Industry Data Security
Standard is just one of the many things we do. Our web-based aviation
management systems can be up and running for your organization in
minutes -- interacting with your customers and staff, selling products
and services, and managing multiple locations from anywhere there's an
Internet connection. Our service can be configured for fuel
dealers, flight schools and academies, repair stations, aircraft managers,
flying clubs, charter operators – most any combination of flight
and ground operations of any size.