Friday, October 06, 2006

How do web-based event management solutions protect customer data?

Event Solutions magazine requested content for an article about how event management solutions like Register123 help protect customer data, compared to using manual systems like Excel spreadsheets to track financial information, credit cards, personal data, etc. While I cannot tout specific Register123 features in a contributed article, I can do that here.

The short answer to this question is that, compared to manual systems like Excel, Register123:

  • Collects data safely
  • Transfers data safely
  • Stores data safely
  • Monitors potential vulnerabilities better
Data Collection
Online registration systems collect private and financial data more securely than do paper, email, or phone processes. With Register123, registrants can submit credit card payments without any human (other than themselves) seeing the cardholder information. With traditional systems, someone within the event management office must receive and reenter the credit card information into their transaction system.

Data Transfer
Another threat to private information is during data transfer between parties. R123 transfers data using 128-bit encryption standards via https, so that only the sender and recipient can read the information. With email, flash drives, and paper files, data can be read by anyone who happens to see it in transit between the two parties.

Data Storage
Register123 stores data more securely than do typical computer systems. Credit card numbers are encrypted prior to storage in the database and are deleted physically 90 days after the event ends. Card security codes (CVV numbers) are never stored, and address verification is used to validate cardholder authenticity. Our database is located behind a dual-zone firewall, and undergoes continuous intrusion detection, anti-virus protection, physical security, and anti-hacker monitoring. This storage environment is much more save then the typical event management practice of storing data in unencrypted Excel spreadsheets on desktops that don’t use file-level password protection.

The greatest threat to personal and financial data is through human error and theft. With Register123, all data is stored securely in a central location, which is less vulnerable to data theft compared to files stored on easily-stolen laptops or desktop PCs with screens that are visible to any passer-by.

Certain Software and other organizations that adhere to the Payment Card Industry (PCI) standards must perform background and credit checks on all employees, and we must "silo" data access on an "as needed" basis. This level of human security is closer to that found in banks and other financial institutions that deal with PCI standards, and the result is higher data security when compared to the typically open environment of many event management organizations.

In addition to monitoring human vulnerabilities, Certain subscribes to anti-virus and anti-hacking programs that daily update known technical vulnerabilities. Our server farm also has an intrusion detection routine that looks for suspicious behavior on our network and alerts our team if something is amiss.

No comments: