
PCI Compliance for News Publishers and the Media Industry

Jun 22, 2020 3:50:04 PM


Still Using a Lockbox and Phone-Based Payments? You May Be Putting Your Newspaper at Risk.

By their nature, news organizations are required to handle a surprisingly large number of financial transactions. Emerging digital privacy legislation, including the New York SHIELD Act, is making it harder for newspaper organizations to securely handle payment information and maintain compliance with local and national cybersecurity standards.

In the hectic, deadline-driven world of the press, it may be tempting to maintain the status quo of processing payments the “same way it has always been done,” leaving requirements like PCI compliance to chance. Leaders in this industry may feel like it would take too much time and effort to research and select a new payment method to replace their lockboxes and phone-based payments but, as it turns out, the cost of non-compliance is much higher than it seems.

Who Must Maintain PCI Compliance? 

If your organization interacts with credit cards in any way, you are subject to PCI-DSS and must maintain PCI compliance.  

PCI-DSS, which stands for the Payment Card Industry (PCI) Data Security Standard (DSS), is a set of rules and regulations that aim to reduce credit card fraud for Visa, MasterCard, American Express, and Discover cards. 

If your news organization stores, processes, or transmits subscription and ad payments by credit card, including having customers write down credit card information on a mail-in slip or accepting card payments over the phone, your company is mandated to maintain PCI compliance. This means you must follow a range of information security measures. 

PCI requirements are categorized into 4 levels, depending on the number of transactions you run in a month. 

As you can see, compliance tasks for PCI are not overly onerous, but they do require you to pay close attention to details and complete some paperwork. This is a bit of extra work on your part, but the time you spend on it is well worth it because the cost of non-compliance can be steep.


Non-Compliance can result in:

Unfortunately, lockboxes and phone-based payments, which many news organizations still rely on, may be putting your newspaper at increased risk.

 
Why Lockboxes Often Cannot Meet the Standards:

Lockboxes require physical handling of credit card data on mail-in slips, which opens up your organization to increased risk and may limit your ability to meet PCI compliance.

Lockboxes waste your organization’s time and money because they are inconvenient to use and manage, and they slow down payment times significantly when compared to digital payment methods.


Lockbox Users Typically Remark on their Unhappiness with:

  •     Time-consuming payment processing
  •     An avalanche of paper or scanned sheets that have to be filed and managed
  •     Inability to take advantage of cost-saving Level 3 processing
  •     Lack of centralized payments insight
  •     Non-integrated systems requiring payment reconciliation
  •     Lack of timely customer support (if any)
  •     Lost, misplaced, or error-prone payments
  •     Inability to process international payments

News organizations that use lockboxes additionally remark on their unhappiness with:

  •     Manual and error-prone subscription tracking 
  •     Time-consuming customer support tasks because customers have no self-serve option
  •     Slow snail-mail payment speeds in a fast-moving industry

Again, all these inconveniences are secondary to the main problem with lockboxes, which is that lockboxes are hard to secure and often non-compliant with PCI standards. With lockboxes, and with phone-based payments, your income is reliant on manual data entry, and you never know who is entering that data for you.

A better, more secure option lies in integrated payments.


How to Maintain PCI Compliance with Integrated Payments:

Lockboxes are not the only payment solution, nor are they the least expensive!

If lockboxes and phone-based payments open up your organization to the risk of non-compliance and its resulting fines, fees, lawsuits, and reputation costs, you may be wondering what your alternatives are. You may also be wondering if the alternatives are costly. (Spoiler: They are not!) 

Of course, every news organization will have unique needs for its payment acceptance tasks, but one popular choice among modern organizations is integrated payment solutions.

Integrated payments: 

  •     Save time and money
  •     Mitigate risk and improve PCI compliance capabilities
  •     Support efficiency
  •     Integrate with other apps and programs used by your organization
  •     Eliminate snail-mail waiting times

In addition, leading integrated payments solutions provide much-needed payment and organizational flexibility, because they can:

  •     Accept lower-cost ACH payments
  •     Increase speed and security for payments with customer self-serve options
  •     Simplify subscription payments with “set it and forget it” recurring payments
  •     Save up to 43% of B2B payment processing costs with Level 3 data
  •     Generate notifications that alert you when subscriptions will be ending
  •     Securely store card data using the latest in card security technology (e.g. tokenization)


3 Steps You Can Take to Improve PCI Compliance Right Now:

The biggest way that news organizations can save on payment costs is to reduce the likelihood of falling victim to a breach. These days with lockboxes, that task is harder than ever because the New York SHIELD Act has updated its definitions of “private information” as well as “breach activity” to be much more inclusive.

Here are three steps you can follow to improve your compliance activities immediately. 

  1. Look into your PCI compliance requirements and see if you meet the standards.
    To do this, you can contact your Merchant Service Provider (MSP) and ask about required forms and documents, or you can access this checklist for a quick overview of what you should be tracking.

  2. Focus on tightening up your cybersecurity policies.
    This includes simple tasks like updating your passwords, patching your systems, using (and updating) good antivirus software, and limiting the amount of credit card data you are storing. This is important, as card processors will sometimes reduce or eliminate non-compliance fines for companies acting in “good faith” to secure and protect card data. 

  3. Check to see if modern payment integration solutions would save you money, as compared to your outdated lockbox methods.

A large number of news organizations are surprised to discover that not only are integrated payment solutions more flexible and better for time management, they are also better for the wallet. Request a free merchant statement audit to see how much your organization would save with integrated payments.


Ready to Get Started?

There is no easier way to become PCI compliant than by working with the experts at APS Payments, who will guide you every step of the way. APS Payments works with Press Associations to help advise their clients on PCI Compliance. We are a gateway and processor that is trusted by thousands of merchants daily to process payments, and we work diligently to offer the lowest credit card processing rates, reduce risk, and provide the best payment solutions for customers.

Get started today when you access the complimentary PCI compliance checklist from APS.


Written by Hillary Heath

SAP Channel Manager
