12 Musts for Your EFT Program

8. Assign a unique ID to each person with computer access.

9. Restrict physical access to cardholder data.

10. Track and monitor all access to network resources and cardholder data.

11. Regularly test security systems and processes.

12. Maintain a policy that addresses information security.

An organization that fails to comply with these standards could be fined by the bank that processes its transactions. Conry-Murray advises nonprofits first check with their bank or credit card processors to find out if they need to comply with the requirements.