
Payment Security

As a merchant, we are required to comply with the Payment Card Industry Data Security Standards (aka PCI DSS). PCI DSS is a comprehensive set of more than 200 requirements that applies to any merchant account holder who transmits, stores or processes credit cards. If an organization ever sees the 15- or 16-digit credit card number, even for a split second before sending it to a payment gateway, it is required to comply with the full scope of PCI DSS.

During 2007-2008, we attempted to build and maintain the infrastructure required for compliance in-house before finding it would require at least one full-time person dedicated only to maintaining compliance. Unlike what many solution providers pitch, PCI DSS is not a "set it and forget it" checkbox on a form. It requires daily review of log files, quarterly third-party network scans and annual on-site audits for large merchants. Because hackers are constantly finding new ways to compromise servers and steal data, actual, effective security that protects your personal information in the same way we would like our data to be protected requires daily vigilance and resources that no small business can realistically provide.

The only answer is to leverage the expertise and products of partners. At, we sought out the best in the industry to help us be both compliant and secure. Our partners (Braintree Payments and Stripe) and their networks completely handle authorizing, storing and processing credit cards and are PCI DSS Level 1 Validated with annual, on-site audits by third-party auditors.

You can verify service provider validation at
