Guidelines for IEEE Conference Credit Card Processing
Due to regulations mandated by MasterCard, Visa, and American Express,
IEEE and its service providers must comply with Payment Card Industry
(PCI) Data Security Standards. IEEE is PCI compliant and will continue to
ensure that credit card processes meet the industry standards.
This issue is being taken seriously by IEEE because of our strong commitment
to our members and customers. IEEE is taking all appropriate measures to
ensure cardholders’ credit card information is secure.
The current PCI regulations affect eCommerce and also encompass manual
credit card processing. ECommerce includes processing credit card
transactions over the Internet. This also includes the collection of credit card
information over the Internet. These standards are international standards, and
affect all conferences worldwide.
The regulations cover three basic areas:
As a whole, past IEEE conference credit card processing did not meet the
requirements set by PCI. Certain events were actually in compliance
and some were not. The non-compliant events will have to look into other
options for managing their credit card processing program.
Not following the credit card processing procedures below will expose you
and IEEE to unnecessary risks and liabilities. IEEE can be fined and risk losing
its ability to process credit cards.
The diagram below shows a basic flow for eCommerce transactions. There
is no single straightforward flow for how credit card data, processing, and
funds move, whether by eCommerce or manual processes. All steps in the
flow must be compliant.
[Diagram: Attendee registers on-line, Registration System, Merchant Processor, Bank, Bank Account.
Flow labels: pass credit card; transactions sent for authorization; authorization
given or denied; authorized $; $ funds deposited.]
II. IEEE currently offers the following options for credit card processing:
1. IEEE Conference Management Services (IEEE CMS) can provide IEEE
entities with comprehensive pre and on-site registration services. Our PCI
Compliant on-line registration system is available worldwide 24 hours a
day, 7 days a week.
2. IEEE also offers two manual processing options. (link to credit card
Option 1. The use of an IEEE credit card machine, which can be
used to manually enter credit card information or brought on site
to swipe cardholder information.
Option 2. IEEE will process the charges on behalf of the
III. Third-Party Processing:
1. Not a recommended method of processing, but acceptable if it follows the
proper compliance procedures, including PCI.
2. If the conference hires a third party, IEEE policy states all contracts
which exceed $25,000.00 exposure must be signed by IEEE. The
exposure value can be determined by adding the estimated total revenue
collected plus fees paid to the third party.
3. If hiring a registration company to process registrations and other credit
card transactions, the third party must be PCI compliant. They must
provide the conference with a current certificate showing compliance.
If the third party states they are compliant, but do not have a
certificate, please contact the IEEE.
IEEE will check for PCI compliance during contract review.
4. Setting up Merchant Accounts and Gateways.
Volunteers cannot set up merchant accounts or gateways under
The third-party must set up its own merchant accounts and
gateways, which must be compliant.
IEEE can give the third-party company access to existing
merchant accounts (Option 1a), only after the third-party has
proven they are PCI compliant.
a. Third-party is still responsible for setting up a
b. Benefits include access to IEEE credit card rates
and the money stays within IEEE.
5. Make sure the third-party contract clearly states all entities involved in
handling and/or holding the conference’s credit card money. The
conference should clearly understand exactly how the credit card funds
6. Make sure there are no pass through fees in the conference’s contract.
IEEE will look for this during contract review, and will revise the contract
IV. Methods no longer acceptable.
1. Conference volunteers cannot open up their own merchant accounts or
2. Conference volunteers cannot have any on-line access to credit card data.
3. Conferences cannot hire non-compliant third-parties.
4. Conference volunteers can no longer use existing IEEE merchant
numbers for processing. These will only be given out to PCI compliant
third-parties who prove they are compliant.
V. Concentration Banking (link to CB web site)
1. If using any non-IEEE credit processing service, the conference must
coordinate with IEEE Concentration banking to coordinate auto deposits
2. Contact the Treasury Department four weeks prior to processing
transactions to ensure the proper flow of credit card funds into the
conference’s concentration banking account.
3. Do not provide third-party processors with a copy of a VOIDED check; this
is not the bank information they need to send the funds.
VI. Manual Credit Card Processing:
1. IEEE offers two options for manually processing credit card transactions.
Volunteers may process these types of transactions. (link to credit card
Option 1: IEEE will rent a credit card machine to the conference
that can be used for pre & on-site registrations.
Option 2: The conference collects the credit card information
then sends the information to IEEE to be processed.
2. Best practices for processing manual transactions:
Store hard copy credit card information in a secure (locked) area.
Do not ask for or send credit card numbers over email.
Send or receive credit card information by secure fax.
Only issue refunds to the same credit card that the original
payment was made on (do not issue refunds to another credit
card number or issue a check refund).
Do not collect or store CVC Codes.
VII. Glossary of common credit card terms
1. ECommerce: Business-to-consumer or Business-to-Business commerce
conducted by way of the Internet or other electronic networks.
2. Manual credit card processes: Collection and processing of credit cards
using non-eCommerce tools.
Example: Collection by fax, mail, or in person.
Example: Processing using a credit card machine or sending the
information to IEEE or a third-party to process.
3. Discount rates/Credit Card Fees: Credit card processors charge
discount rates (a percentage of the total sales processed). They can also
charge per transaction fees, chargeback fees, and rental/admin fees.
Current IEEE discount rates for all services are:
American Express 4.0%*
Diner’s Club 2.5% or 4.5% (majority 2.5%)*
* The conference receives the discount rate back from IEEE when
refunds are processed
4. Merchant account: An account set up with a credit card processor. The
merchant bank will collect the funds from the cardholder’s bank and
transfer the funds to a specified account.
5. Gateway: A gateway will collect and authorize (or decline) cardholder
transactions. The gateway will then periodically (daily) send the
information to the merchant bank for processing.
6. PCI Compliant Certificate: Issued by a merchant approved scanning
vendor on a quarterly basis.
7. Pass-Through Fees: Fees passed from the vendor to the conference (or
IEEE). This can include fines and lawsuits resulting from being non-compliant.
8. Originator ID: An ID number from the vendor or processor, which
IEEE’s bank needs to allow automatic transfers into or out of
9. Exposure: Total amount of liability to IEEE. Includes all stated
contractual fees, plus credit card fees, as well as total revenue processed.
VIII. IEEE Contacts:
Conference Credit Card Processing:
Peter Curtis, Manager Conference Finances
Phone: +732-562-5598 Email: firstname.lastname@example.org
Charles Krajcsik, Treasury Manager
Phone: +732-562-6837 Email: email@example.com
IEEE PCI Compliance:
Suzanne Stiles, Manager Financial Compliance & Control
Phone: +732-562-5322 Email: firstname.lastname@example.org
Vita Feuerstein, Manager Conference Planning
Phone: +732-562-6826 Email: email@example.com
IX. PCI Compliant Third Parties
The companies listed below are a sample of known PCI compliant third parties. These
companies are not being endorsed by IEEE.