SD&A Makes PCI Compliance Grade, Takes Credit Card Security to New Level


The nation’s leading telemarketing firm for nonprofit organizations puts additional measures in place to protect cardholder data; company earns seal of approval from qualified security assessor.


SD&A Teleservices, Inc. has been officially designated as a PCI compliant service provider by Digital Resources Group (DRG), an accredited Qualified Security Assessor and a well-respected name in the information and data security industry.

PCI is an abbreviation for Payment Card Industry, a group that includes Visa, MasterCard, American Express, and Discover. Compliance refers to a set of standards and regulations that the leaders of this industry have established as a way to proactively safeguard sensitive cardholder data.

While SD&A has always taken credit card security very seriously, the company’s year-long effort to achieve PCI compliance was an eye-opening experience on several levels.

“This process has taught us about the many real dangers that are out there—things we might not have considered if we hadn’t consulted with a qualified security assessor,” said Steve Koehler, SD&A president and chief operating officer. “It’s also taught us that simply filling out and answering the questions on the PCI self-assessment questionnaire is not enough to prove that a company is doing everything it can and should to properly safeguard patron data. If a telemarketing firm does not have a signed letter of attestation from a qualified security assessor, that telemarketing firm is not truly PCI compliant—it’s as simple as that,” he said, adding that SD&A’s letter of attestation is available for viewing by clients and prospective clients at their request.

While PCI compliance is a multifaceted approach to fraud prevention, it all boils down to this: SD&A’s security environment and its related systems and procedures have now been fortified—according to stringent industry guidelines—to better protect cardholder information. By maintaining a secure computer network, by encrypting all communications that contain credit card data, and by changing the way employees handle cardholder information, SD&A can now provide clients with even greater assurance (and peace of mind) that their patrons’ credit card data is safe.

“The only way for a company to comprehensively assess the strengths and weaknesses of its security systems, and to properly identify and rectify any potential weakness, is by working with a qualified security assessor,” Koehler said. “DRG went through every aspect of our network and phone room installations with a fine-tooth comb, and then made a series of recommendations to help us reach PCI compliance—from installing surveillance cameras to redesigning the way we store and transmit credit card data to writing new code for our reporting software.”

To ensure ongoing compliance, SD&A will continue its close working relationship with DRG. Representatives from DRG will conduct quarterly scans of SD&A’s security measures. Additionally, SD&A will conduct its own in-house reevaluations every 60 days.

“In today’s ever-changing threat landscape, securing cardholder data and complying with the PCI Data Security Standard requirements can be challenging even for the most seasoned IT professionals,” said Jim Cowing, DRG’s managing director. “By taking the necessary steps to achieve PCI compliance, SD&A has joined an elite group of merchants and service providers who refuse to give their clients anything but the very best when it comes to data security.” Cowing added that non-compliant merchants and service providers can face fines from multiple card associations, in addition to costly forensic investigation and irreversible brand damage.

“The process to reach PCI compliance required a significant investment of time and resources,” Koehler said, “but when it comes to protecting our clients and their patrons, SD&A is committed to doing whatever it takes.”

Since 1983, SD&A has designed and managed more campaigns for a wider variety of nonprofit organizations than any other telemarketing firm in the country. It has enjoyed successful partnerships with performing arts organizations, museums, public broadcasting stations, environmental organizations, universities, political candidates, advocacy groups, zoos, aquariums, libraries, hospitals, and other cause-based organizations. In the process, the company has raised more than a billion dollars in revenue for its clients.

DRG, a qualified security assessor accredited by the PCI Security Standards Council (PCI SSC), has a history of providing successful security solutions for its customers. Originally founded in 1997 by three former Wells Fargo employees responsible for information security, DRG pioneered the early evolution of security best practices for e-commerce.

Mary Jane Avans, Senior Director of Business Development
(678) 904-1583

Visit us on the web at

