––––––––––––––––––––
Subscribe to the Legal News!
https://test.legalnews.com/Home/Subscription
Full access to public notices, articles, columns, archives, statistics, calendar and more
Day Pass Only $4.95!
One-County $80/year
Three-County & Full Pass also available
- Posted September 20, 2010
- Tweet This | Share on Facebook
Tips for complying with credit card security rules
By Nora Tooher
The Daily Record Newswire
Agreeing to accept credit cards can be good for your practice. But lawyers who take this step need to comply with the industry's data security standards.
Many major credit card companies, including American Express, Discover, MasterCard and Visa, have adopted standards aimed at safeguarding cardholder data and reducing credit card fraud.
These standards address how merchants process credit cards and handle credit card information. All merchants, including law firms, were required to comply with the rules as of July 31, or face non-compliance fees from their credit card companies or merchant banks.
There are several steps firms have to complete to become compliant with Payment Card Industry (PCI) data security rules, including developing security policies and procedures for handling credit card data. Each ''merchant'' also has to complete a self-assessment questionnaire and an attestation of compliance.
Although compliance with the standards is not required by federal law, several states - Massachusetts, Minnesota, Nevada and Washington - have enacted state laws incorporating all or part of the standards.
One of the biggest benefits of the standards ''is simple awareness'' of potential data security problems, said Amy Airhart, PCI manager for Affiniscape's Law Firm Merchant Account.
The Law Firm Merchant Account, which is available through more than 50 state and local bar associations, processes credit card transactions for attorneys. According to Airhart, the product immediately separates funds into trust and operating accounts. All processing fees are deducted from the attorney's operating account, keeping the trust account balance intact.
Airhart noted that the credit card industry data security standards also address the issue of protecting their clients' credit card information.
''Oftentimes, attorneys think they're doing everything compliantly when, in fact, they are jeopardizing credit card data,'' she said.
Common mistakes include communicating credit card data via e-mail and storing credit card security codes on law firm computers, according to Airhart.
Erik Mazzone, director of the Center for Practice Management for the North Carolina Bar Association, suggested the following steps for keeping clients' credit card data secure:
Use strong passwords with letters, numbers and symbols.
Install software and hardware firewalls.
Keep anti-virus software up to date.
Make sure all employees have individual computer IDs, rather than a pooled ID.
Mazzone suggested that solo lawyers and small firms ask an information technology consultant to help them with data security issues. Lawyers who don't yet accept credit cards can check with their bar association or practice management organization for advice on how to process transactions.
Additional information on credit card data security standards is available at www.pcicentral.com
Published: Mon, Sep 20, 2010
headlines Jackson County
headlines National
- Lucy Lang, NY inspector general, has always wanted rules evenly applied
- ACLU and BigLaw firm use ‘Orange is the New Black’ in hashtag effort to promote NY jail reform
- 2024 Year in Review: Integrated legal AI and more effective case management
- How to ensure your legal team is well-prepared for the shifting privacy landscape
- Judge denies bid by former Duane Morris partner to stop his wife’s funeral
- Attorney discipline records short of disbarment would be expunged after 8 years under state bar plan
