BUSINESS: Leading animal protection non-profit that fights for the protection of animal rights through advocacy, education, legislative, and hands-on programs.
SCOPE & SIZE: The nation’s largest animal protection organization with more than 10 million members and constituents.
BUSINESS CHALLENGE: The Humane Society needed a streamlined way to complete the required PCI DSS questionnaires and network vulnerability audits, and validate compliance to its acquiring banks.
OPERATIONAL HURDLE: While the Humane Society had maintained a secure network, it was costly and time-consuming to continuously maintain PCI compliance.
- Qualys PCI
WHY THEY CHOSE QUALYS:
- Qualys PCI helps the Humane Society to validate its PCI DSS compliance more automatically.
- Qualys helps the Humane Society protect its member and contributor information.
- Qualys helps the Humane Society to easily complete an annual PCI DSS “Self-Assessment Questionnaire.”
- Qualys PCI is an approved PCI DSS scanning vendor.
- Qualys allows the Humane Society to document and submit proof of compliance to acquiring banks quickly.
Humane Society Streamlines PCI Compliance Efforts
Qualys PCI automates PCI security audits and reporting for the nation’s largest animal protection and advocacy non-profit.
With more than 10 million supporters, the Humane Society of the United States is the nation’s largest animal protection organization. For more than 50 years, the non-profit has fought for the protection of animal rights through its advocacy, education, legislative and hands-on programs.
For this critical mission, the Humane Society relies on the goodwill of generous contributors. Like any other organization accepting credit card payments, the Humane Society must comply with the Payment Card Industry Data Security Standard (PCI DSS). The standard requires, among other mandates, that merchants maintain a secure network, encrypt stored cardholder information, have vulnerability management processes in place, and regularly monitor their security posture. The penalties for failing to comply can be steep: fines, restrictions, or even permanent expulsion from card acceptance programs.
“By turning to Qualys PCI, we significantly save on the time and resources we need to dedicate to maintaining PCI Compliance.”
The Humane Society of the United States
PCI DSS had been in effect for only about a month when Beverly Magda took the role of CIO at the Humane Society in the summer of 2005. “We’ve always felt that it's crucial that people know that their information is safe and secure when they donate through our site,” says Magda. That’s why, when the mandate took effect, the Humane Society already had good security practices in place, which included encrypting credit card data and keeping its network as secure as possible from attack. In fact, its processes already met the spirit of the security standard.
The Need for Streamlined PCI DSS Reporting and Compliance
What the Humane Society didn't have in place was a straightforward way to conduct its quarterly network vulnerability audits and submit the audit reports to the acquiring banks. To comply, the Humane Society needed these audits conducted by a qualified security assessor or scanning vendor approved and listed by the PCI Security Standards Council. And each quarter, the results need to be submitted to the Humane Society's acquiring banks.
For a time, the society relied on a third-party consultant to conduct these quarterly assessments, and help it complete the associated reports. But the process proved expensive and time-consuming, as the Humane Society’s IT team constantly had to find time to schedule the scans performed by the consultant and prepare and encrypt the PCI quarterly reports for electronic submission, or overnight them to the banks. “This was certainly inconvenient. We knew we could find a better way,” says Magda.
The search didn’t take long. To streamline the PCI compliance processes, the Humane Society turned to Qualys PCI – the same vulnerability and compliance risk management tool used by its third-party consultant. Qualys PCI, delivered as an on-demand Web application, is the most accurate, easiest to use tool for turnkey PCI compliance testing, reporting, and submission.
Qualys PCI walks merchants through the PCI compliance process with an automated three-step guided process that includes straightforward online completion of the annual PCI DSS self-assessment questionnaire, network security scan, and automatic submission of the annual questionnaire or quarterly assessment results that validate compliance.
With its guided user interface, coupled with online help and 24x7x365 e-mail/telephone support, Qualys PCI ensures success in achieving and maintaining continuous PCI compliance. Most important to Magda and the Humane Society is the fact that Qualys, as an approved PCI DSS scanning vendor, is fully certified to assess and validate its PCI DSS compliance.
Today, all of the society’s PCI audits are scheduled and automated, and acquiring banks are notified quickly when the process is complete so they can download the required PCI DSS reports. “It takes a lot less time now,” Magda says. “At first, I had no idea that we could conduct these scans ourselves and be compliant. But Qualys PCI makes this possible for us,” she says.