Reducing the Annual PCI Compliance Headaches
PCI compliance is an annual dance performed by those who process credit card donations. This talk will cover the current state of PCI standards and what it means to those who maintain the infrastructure related to processing these donations. CanadaHelps processed over $140 million in donations in the last year on behalf of Canadian charities. We provide a portal for donors to donate to any Canadian charity, as well as custom donation forms for charities, offline receipt generation, and a donation API. Security is a paramount concern for us, and we work closely with our Qualified Security Assessor (QSA) to ensure that we remain compliant and follow industry best practices.
This talk will include an overview of the Azure-based credit card tokenization service we created to decrease our PCI scope while maintaining our high standards of security. This is rapidly becoming the preferred industry approach, as some of the previous approaches have become non-compliant. Leveraging our Azure grant, we’ve been able to implement a solution that is robust, scalable, inexpensive, and secure.
- Describe a case study in decreasing the scope of infrastructure covered by PCI compliance
- Understand some of the hurdles for PCI compliance
- Discuss our Azure grant use case