Old 12-16-2013, 09:05 PM   #9
Bryan Hood
Re: Affiliate Standard Operating Procedures

Quote:
Originally Posted by Brian Holub
Double thread hijack. Just one quick thing I have to say because I noticed your credit card charge authorization form. Storing card data on paper is risky; while that might seem obvious, it can't be reiterated enough. At least in the US (Europe has even stricter rules), you need to follow PCI-DSS (Payment Card Industry Data Security Standard) requirements when handling credit card data. It covers both electronic (software) and physical (locks, keys, etc.) security requirements.

It may seem unlikely, but if credit card data is stolen from you and you have not followed PCI-DSS, you can (will) be fined thousands (or tens of thousands, or hundreds of thousands) of dollars PER MONTH that you were violating PCI compliance. It probably won't happen, but it will ruin you if it does.

Sorry for the boring injection... just be careful, and be aware!
Good point. I keep all member information off site. Absolutely no money or member information is stored at our facility.
__________________
Bryan Hood, CrossFit of the Ozarks (wfs)
Owner/Trainer, Nixa, Missouri
CrossFit Shirts (wfs)