TechSoup.org The place for nonprofits, charities, and libraries

Are you compliant with the new data-security laws?


  • In his article New Laws for Organizations that Accept Online Payments, Andrew Conry-Murray writes that states and countries have recently created laws that require organizations that accept payments online to take certain measures to protect their constituents' data. After reading the article, feel free to share your questions or comments here.
    senior editor, TechSoup
  • The information provided in this article seems to imply that these guidelines are for any organization that touches credit card data, not only organizations that take online credit card payments. It seems to me that this important article should be moved to a different category than "web building".
  • Our organization doesn't accept payments online via credit card, but we do process payments via our bank's ACH system. Is there published guidance on the requirements to protect this type of information, and is there a self-assessment questionnaire available?
  • Just a comment/correction to this article. The PCI DSS requirements do actually state that anyone that has a webpage that connects to a processor, even a third party processor, must meet the level 4 merchant requirements, i.e., questionnaire and annual scan. This means that finding a third party processor will NOT absolve you from the need to meet the level 4 requirements. The reason for this is that even though you may not store or process credit cards, it is still possible for crooks to access the server that hosts your webpage (that in turn connects to the third party processor) and redirect traffic to a fraudulent site that looks like your third party processor site.
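The last comment describes the risk that a compromised web server silently changes where the "pay now" hand-off goes. A simple defensive check an organization can run against its own donation page is to extract every form action and link, confirm each external target uses HTTPS and points only at the processor host it expects, and keep a fingerprint of the page so unexpected changes stand out. The script below is an added example for this thread, not code from TechSoup or from PCI DSS; the processor host, the site host and the sample page HTML are constructed for illustration.

```python
"""Check a payment page for checkout hand-offs that leave the expected processor.

Added example: the allowlisted hosts and SAMPLE_PAGE are constructed, not real.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: the only hosts a legitimate checkout may hand off to
# (the organization's own site plus its third-party payment processor).
ALLOWED_PAYMENT_HOSTS = {
    "www.example-nonprofit.org",     # hypothetical: our own site
    "pay.example-processor.com",     # hypothetical: the contracted processor
}


class PaymentTargetExtractor(HTMLParser):
    """Collect every <form action> and <a href> on the page, in document order."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and attrs.get("action"):
            self.targets.append(("form", attrs["action"]))
        elif tag == "a" and attrs.get("href"):
            self.targets.append(("link", attrs["href"]))


def find_suspicious_targets(html, allowed_hosts=ALLOWED_PAYMENT_HOSTS):
    """Return (kind, url) pairs whose host is outside the allowlist or that use plain http.

    Relative URLs stay on our own site and are ignored; anything absolute must be
    HTTPS and must name an allowlisted host, otherwise it is reported.
    """
    parser = PaymentTargetExtractor()
    parser.feed(html)
    suspicious = []
    for kind, url in parser.targets:
        parsed = urlparse(url)
        if not parsed.netloc:          # relative link, stays on our own site
            continue
        host = (parsed.hostname or "").lower()
        if parsed.scheme != "https" or host not in allowed_hosts:
            suspicious.append((kind, url))
    return suspicious


def page_fingerprint(html):
    """SHA-256 of the page body, recorded once when the page is known-good."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def page_changed(html, baseline_fingerprint):
    """True when the page no longer matches the recorded known-good fingerprint."""
    return page_fingerprint(html) != baseline_fingerprint


# Constructed sample page: two legitimate hand-offs, one look-alike domain
# (.co instead of .com) and one downgrade to plain http.
SAMPLE_PAGE = """
<html><body>
<a href="/donate.html">Donate</a>
<form action="https://pay.example-processor.com/checkout" method="post"></form>
<a href="https://pay.example-processor.com/checkout">Pay now</a>
<a href="https://pay.example-processor.co/checkout">Pay now</a>
<form action="http://pay.example-processor.com/checkout" method="post"></form>
</body></html>
"""

if __name__ == "__main__":
    baseline = page_fingerprint(SAMPLE_PAGE)   # would normally be stored elsewhere
    for kind, url in find_suspicious_targets(SAMPLE_PAGE):
        print(f"suspicious {kind}: {url}")
    print("page changed since baseline:", page_changed(SAMPLE_PAGE, baseline))
```

In practice the script would fetch the live donation page on a schedule and alert when `find_suspicious_targets` returns anything or when the fingerprint drifts from the baseline recorded after the last intentional edit; the allowlist is deliberately exact-match so that look-alike domains are caught rather than approximated.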