PCI Compliance - Your Payment Security Matters to Us!

Frequently Asked Questions
Q: Is it safe to send payments via ACH?
A: Yes. ACH (Automated Clearing House) transfers are one of the most secure and widely used payment methods. When initiated through your own bank, the transaction is encrypted and protected by your bank’s security protocols.
Q: How do I get GHBA’s banking information to send an ACH payment?
A: Just reach out to our accounting department at cbuice@ghba.org or call us at (281) 664-1427. We’ll provide the necessary details so you can initiate the transfer through your bank.
Q: Why does GHBA prefer ACH payments over credit cards?
A: ACH payments have lower processing costs, which helps us keep membership and event fees reasonable. They’re also safe and efficient for both recurring and one-time payments.
Q: Can I set up recurring payments through ACH?
A: Absolutely. If you prefer GHBA to initiate ACH payments on your behalf, we’ll just need a signed authorization form. Contact us for details!
Q: What if I have more questions about payment security or options?
A: We’re here to help! Contact our accounting team any time with your questions or concerns.
Payment options for all invoices:
- Cash
- ACH through GrowthZone
- Check
- ACH through your company bank to GHBA’s bank. GHBA banking information available upon request.
- Credit Card through GrowthZone
Payment options available through GrowthZone:
- Credit Card – Processing system is Stripe; data security is certified through PCI DSS compliance.
- ACH – Processing system is Plaid, intended for debit and cash accounts only; data security is certified through ISO 27001 and ISO 27701.
- Plaid security and certification references: https://plaid.com/blog/plaids-continued-investment-in-security-and-privacy-standards/, https://www.iso.org/standard/27001, https://www.iso.org/standard/71670.html
What is PCI DSS compliance?
- Stands for Payment Card Industry Data Security Standard
- Sets the minimum standard for data security.
- PCI DSS was developed to encourage and enhance payment card account data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect payment account data.
- Is a global security standard for all entities that store, process or transmit cardholder data.
PCI DSS compliance involves three main components:
- Handling the entry of credit card data from customers; namely, that sensitive card details are collected and transmitted securely
- Storing data securely—which is outlined in the 12 security domains of the PCI standard—such as encryption, ongoing monitoring, and security testing of access to card data
- Validating annually that the required security controls are in place, which can include forms, questionnaires, external vulnerability scanning services, and third-party audits.
All businesses that accept credit card payments must comply with PCI DSS, regardless of volume, geographic region, or integration method. By complying with this framework, businesses can build customer trust, protect themselves from fraud and data breaches, and avoid fines for PCI compliance violations.
What are ISO 27001 and ISO 27701 certification?
ISO 27001 is an international standard that specifies best practices and details the security safeguards that can help manage information security risks.
- ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It defines requirements an information security management system must meet.
- The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system.
- Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard.
ISO/IEC 27701 is an international privacy standard that extends the requirements of ISO/IEC 27001 and helps organizations comply with international privacy frameworks and laws.
- Specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
- Specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.
- Applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.