Which Organizations Need To Be PCI Compliant? (Probably Yours)

By David Stidham, Operations Manager at Cenetric

PCI compliance sounds a little intimidating to most smaller organizations, and honestly — it can be. There are a lot of requirements and some hefty fees that can come with non-compliance. But working with the right managed services provider can take a few of the worries off your plate.

PCI compliance basics

PCI compliance means following the Payment Card Industry Data Security Standard (PCI DSS), which ensures that credit card information is securely handled as it moves across payment networks and in how it’s stored. 

If you take credit cards, that makes you part of the payment network, which means you need to follow PCI standards — a list of 12 requirements that include IT issues like:

Heads up: In 2025, many practices that were previously only recommended are now required, including things like multi-factor authentication for organizations that store payment data. 

Compliance involves not just following these requirements but regularly assessing and certifying your compliance. (And fixing any issues that you find along the way.) Non-compliance has steep costs: If you’re part of a breach, the fines, reputational damage and potential lawsuits from customers whose data was stolen could devastate your business. 

It’s important to sort out what your compliance obligations are when it comes to receiving funds via credit card. You can’t follow the rules unless you know what they are for your organization. The good news is that strengthening your IT security measures is never a bad idea. 

Which organizations need to be PCI compliant

Essentially, any organization that takes a credit card should ensure PCI compliance. Of course, there are the obvious examples:

But if you’re a nonprofit, church, or another place of worship, don’t think you can overlook PCI compliance. With 91% of recurring donations occurring with credit cards, making sure you’re prepared to safely take both credit and debit cards is imperative.

Your role in compliance begins by choosing compliant vendors to work with. Whether that’s a payment processor like PayPal, Venmo, or Apple Pay or an online donation platform that processes credit cards for you, choose carefully and specifically inquire about PCI compliance. (We can help guide you, if needed.)

Though choosing compliant vendors helps lower your compliance burden, you still have responsibilities around your own systems. Working with a managed services provider who knows the ins and outs of PCI compliance can ensure that you stay on track and have all the right tools in place. 

Anything from out-of-date patches to weak Wi-Fi practices can affect your organization’s IT security, putting PCI compliance at risk. The right managed services provider can help you make sure your technology ducks are in a row, from your network to your Wi-Fi to choosing a donation or tithing platform to suit your organization’s needs.

Cenetric can help you stay secure and compliant

We get it — choosing the right solutions and maintaining security practices can be daunting, especially when your budget is a concern. The experts at Cenetric are here to help your service organization or place of worship make smart technology choices with cost in mind. 

Working with nonprofits and churches in the Kansas City region, Cenetric has the experience and availability you need to keep running smoothly 24/7. Tell us about your organization and we’ll be in touch right away.
