PCI compliance - overview

As a professional conference organizer, the security of your data and financial transactions is of utmost importance to you. Assuring your clients that their credit card transactions are secure and protected from external threats is one of the most important topics you will ever face.

Data security affects you as well - in many cases, you can be held accountable in cases of a data breach. Computer hackers are getting more and more sophisticated and you want to be sure your technology offers you the greatest security and protection available.

Read the EventsAir Data Security Quick Guide here.

What is PCI Compliance?

PCI Compliance standards are a set of security standards developed by credit card companies (Visa, MC, Amex, Diners and others) that recommends how card holder data should be managed and protected. These standards are considered the “Gold Standard” of security and are adopted by most credit card processors and banks, and merchants are contractually bound by to abide by these standards.

While there are many elements to PCI Compliance, many of these standards focus on protecting the environment in which cards are processed and following safe procedures such as not storing the card data in unsecure locations and storing card data beyond the life of the transaction.

EventsAir is Level 1 PCI-DSS compliant, and this helps ensure the safety of your attendees’ Credit Card and personal data. We conduct internal and external testing and employ a rigorous set of security policies and processes to keep your credit card data safe at all times.

The EventsAir Credit Card Vault

A popular feature of EventsAir is the PCI DSS Compliant Credit Card Vault. This allows event organizers to safely capture and store attendees credit card details required to guarantee a hotel room without the need to charge the card. 

The credit card vault is maintained in a separate Azure environment and protected by a third firewall and will only accept traffic from specified EventsAir servers. The Credit Card Vault is not available externally. Each customer is given a unique encrypted key pair and all credit card data stored in the vault is double encrypted. Card data is automatically deleted 14 days after an event and all access to the Credit Card Vault is logged.

Payment Gateways

To process payments, EventsAir offers tightly and securely integrated Payment Gateways in various locations. To utilize real-time credit card payments, you will need to have an account with one of the EventsAir Payment Gateways. The Payment Gateway will provide you with the details needed by EventsAir (typically an API Token, certificate or username/password and account details) which are entered into EventsAir and you’re ready to process credit cards. 

Our integrated payment gateway is now available! Find out more here.

The Microsoft Azure Cloud

We designed EventsAir from the ground up for high security utilizing the state-of-the-art Microsoft Azure Cloud architecture. We offer several tiers of data isolation and can optimize performance, to a level to suit your needs and budget.