Fore!mula For Success - PCI Compliance - April 2010
Courses Make Investment to Keep Future Costs Down and Achieve Peace of Mind
With the proliferation of credit card usage, credit card security has become an important issue for everyone, and the golf industry is no different. The PCI (Payment Card Industry) Security Standards Council - founded by Visa, MasterCard, Discover, and American Express - recently set new mandates that businesses must meet to protect themselves against financial loss should a breach ever occur. In response to the guideline that businesses should use a PA-DSS or PCI compliant point-of-sale software system, Fore! Reservations developed a solution for its customers that meets all of the PCI council's software criteria.Since becoming available last fall, hundreds of Fore! Reservations Users made the decision to install this software version and purchase a black box server (required to operate the compliant version) ahead of the council's July 1, 2010 deadline. But taking these steps is just part of the "PCI puzzle". Golf courses are also responsible for other issues like employee background checks, locking down wireless networks, and overall network security in order to achieve their PCI compliance.
Eagle Trace Golfers Club, an 18-hole semi-private facility in Clearwater, MN, was one of the first courses to install the Fore! Reservations PCI compliant software version. "Fore! Reservations brought PCI compliance to our facility's attention," says Eagle Trace Golfers Club Owner Bruce Gohman. "I completely trust that Fore! Reservations wouldn't lead me astray, especially on something this important. When they told me this was coming down the pipeline and that it would be best to get prepared right away, I listened. I'm thankful they were watching out for my facility. We're prepared, and that's a good thing."
Unlike Eagle Trace Golfers Club, the University of Michigan Golf Course in Ann Arbor, MI, was fully aware of PCI compliance even before reading about it in Fore! Reservations newsletters. "It's a university requirement for our golf course to be compliant, so we knew about PCI from the very beginning," University of Michigan Golf Course Manager Chantel Jackson says. "We had no choice but to meet the university's standards and expectations to become compliant, and were thrilled Fore! Reservations was proactive on this front and developed a solution for us in time to meet the upcoming deadline."
In addition to being prepared to meet the credit card industry's deadline, Bruce and Chantel point out the investment value and peace of mind that comes with the insurance that their businesses are protected.
"Processing charges already add up and my assumption is if you're not compliant you could be subject to higher fees and possible penalties," states Bruce. "The primary reason for Eagle Trace becoming PCI compliant is to keep our costs down over the long run. If you run the numbers (if you had to pay even 1% extra for not being compliant) the black box server pays for itself within a short time period." Chantel agrees that being PCI compliant is a long-term value for the course. "The black box server is not just a necessary purchase, but a sound investment in our business. We're protecting the financial health and security of the course and patrons of the university community that play here for years to come."
Bruce also notes that in talking with other local business owners, he has learned he's not alone when it comes to PCI compliance. "It's everywhere. All businesses are having to take credit card security more seriously these days and go through this certification process," adds Bruce. "I'm thankful Fore! Reservations helped make our transition to PCI compliance very smooth. Their staff was well prepared and very diligent, walking us through every step of the process. Our IT guy has done a number of PCI installations in the area and he thought ours was the most efficient."
IT personnel from Rob Roy Golf Course, a 9-hole municipal course in Prospect Heights, IL, and Simi Hills Golf Course, an 18-hole public facility in Simi Valley, CA, also found the PCI upgrade process to be well executed. Rob Roy's IT Manager Michael Posch and Simi Hills' Computer Support Specialist Lee Martin explain why becoming PCI compliant was important to their operations. "The simple truth is customer confidence," says Michael. "A safe purchasing environment has become tied with a ‘quality product'. PCI compliance is good for both the business owner as well as the customer since it's designed to protect both sides of the transaction. You can also enjoy a little more peace of mind because you just hardened your environment from threats."
"Protecting customer data from becoming compromised and your operation from potential risk should be a very high priority for any business," Lee adds. "Not only would loss of data be extremely inconvenient and costly for our customers, recovering from a breach could be a significant monetary cost to our business and hinder our reputation."
Michael agrees that the security investment and overall value to the course is immeasurable. "Fore! Reservations did a great job helping raise awareness on the importance of getting compliant this year," Michael says. "I'm glad they decided to develop a compliant version rather than eliminate the credit card field in the system; doing so would undoubtedly turn into a loss of revenue somewhere along the line from no-shows or fewer reservations, and in this economy, anything that takes a potential tee time sale away has to be viewed as undesirable."
"All I can say is thank goodness Fore! Reservations has a certified version," says Chantel. "Their foresight to have a solution available last fall so we could do our upgrade in the off-season was a huge advantage. We love the software and it would have been very discouraging if we had to settle for subpar software in order to be PCI compliant if Fore! Reservations didn't have a solution."
Users that installed the new version appear to be appreciative that the software component of PCI compliance was handled by Fore! Reservations well in advance. "Fore! Reservations is a true leader in the technology industry, and as a customer that's something I've always appreciated. They had a PCI compliant solution available for its Users before many of us even knew of the credit card industry's new mandates. Fore! Reservations is a business partner that clearly has the best interest of my golf course in mind," concludes Bruce.
"PCI compliance is a necessary demand that businesses have to adopt to in this day and age, and golf courses are certainly no different," states Michael. "You aren't going to escape it if you process credit cards. So we, like many, have embraced it and accepted it. The cost of inaction is just way too large."
For more information regarding PCI compliance please click here or visit the PCI Security Standards Council Website www.pcisecuritystandards.org. To order your black box server from Fore! Reservations email This e-mail address is being protected from spambots. You need JavaScript enabled to view it or call 630.789.9705. *Canadian courses please contact Colin Fraser of Score Advertising at This e-mail address is being protected from spambots. You need JavaScript enabled to view it or call 204.975.9293.
Have you ever read about an idea in a Fore!mula For Success article and decided to implement that idea at your facility? If so we'd like to include you in an upcoming Fore!mula For Success article. E-mail This e-mail address is being protected from spambots. You need JavaScript enabled to view it and we'll include your story.
