Protecting cardholder data is extremely important. When parents pay for their child’s school fees online, they want the peace of mind that the information they provide will be handled responsibly.
We put together some quick tips on how you can ensure your school’s credit card data is secure.
Use a PCI compliant online processor:
PCI DSS (Payment Card Industry Data Security Standards) is a set of standards developed by the payment card industry to protect cardholder information and maintain a secure environment. Online payment processors that are PCI compliant receive certificates based on their practices. To receive these certificates, they need to create and maintain a security manual, conduct regular security checks, and perform system access audits. All of this is done to ensure that their customers’ credit card information is secure.
According to the National Cyber Security Alliance, human error is the main cause of 52% of all security breaches. Here are some points to highlight with your staff to improve your district’s data security.
- Do not send sensitive information over email or social media sites.
- Use caution when opening email attachments and downloading files from unfamiliar sites.
- Passwords should contain a variety of uppercase and lowercase letters, numbers, and symbols.
- Passwords should be updated at least every three months and never written down.
Create a set of security standards:
Work with your district’s IT department to come up with a set of standards on how you will handle cardholder information to keep your networks secure. Once the standards are created, they should be posted in an accessible place for employees to reference. They should cover topics like:
- How to handle cardholder information when written down or in an email
- Policies for using personal devices for work
- Software update practices
- How long you will hold credit card information
Educate users on what information you collect, how it is used, and how it is stored:
Let parents know exactly how the information they give you is handled. This will give parents peace of mind when making purchases, and it also increases your school’s transparency within the community.
Work with your district’s contact partners and vendors:
You are responsible for how your partners and vendors handle your district’s cardholder information. Find out what measures they take to protect this sensitive information. You want to be sure that you choose vendors with your payers’ best interests at heart.
Offer continuous security training for staff:
Technology is constantly changing, and so are the threats that lead to breaches. Keeping your staff updated is one of the best ways to stay ahead. Pay attention to new technologies, trends, and standards that could keep your information safe. Resources are readily available online for your staff to research and get started.
Know exactly how you store credit card data and where:
You can’t protect your weak spots if you don’t know where they are. Start with your current process and work from there! Figure out the strengths of your data security and focus on the potential weaknesses to keep everyone’s data safe and sound.