Regardless of the subject or the sponsor, coordinators for CME conferences very often follow the same procedures for recruiting participants to their activities. There is the conference brochure with a conference registration form attached. This brochure is often printed, but digital versions that are emailed to prospects are becoming more and more popular. Included on the form are instructions for paying the registration fee. Acceptable forms of payments are checks, money orders, and credit cards.
Did you know that The Ohio State University has a policy that applies to individuals that handle or manage credit card transactions? The University’s Payment Card Compliance Policy (http://busfin.osu.edu/FileStore/PDFs/515_CreditCard.pdf) is intended to protect customer cardholder data and the University from a cardholder breach (think Target, American Express, Home Depot, or Citibank).
Compliance with the Payment Card Policy means more than locking up payment card information. Compliance requires making major changes in the way credit card payments are accepted. The first step may be redesigning that registration form and limiting the number of individuals who handle that form once it is received. You never want that registration form to be a self-mailer, especially if it will have payment card information on it. And you never want that form to be faxed or emailed back to you with payment information. The simple reason for these restrictions is the potential for too many other individuals to access this information.
The ideal solution is for the cardholder to conduct the entire transaction without needing to reveal account numbers and PINs to an intermediate party. The Center for Continuing Medical Education has such a solution with its online registration and payment website, and all CME conference coordinators are encouraged to use this system. Still, mailed registration forms remain very common as are registrations received by telephone. And these both obligate the cardholder to provide payment card account information to that intermediate party – the individual or organization between the cardholder and the processing bank.
The University’s Payment Card Policy has requirements for individuals and organizations that act in this intermediate manner. This policy sets the requirements for the use of payment card terminals, including virtual terminals; requires individuals that conduct payment card transactions to complete the PCI Compliance computer based learning module; and defines how, and by whom, payment card information may be managed. If you are managing credit card payments, you must complete the PCI CBL and submit to an audit of your procedures for handling and securing credit card information. While it is not preferred to request CCME staff to process bank card payments, CCME staff can create a link to an online invoice that may be sent to any credit card payee. This service not only is available for registrants but also can be provided to vendor applying to display at your CME activity.
In short, the Payment Card Policy should make CCME’s conference registration system a far more practical and safer means of collecting payments from your registrants; and our ability to create links to online invoices can speed up the payment process for vendor displays.