Tag: Q&A

60-Seconds with The British Council

Alina Makarova is the operations manager of British Council’s ‘Going Global’ conference – the world’s largest open forum for education leaders debating international higher education issues and challenges.

EventTech Talk had a chat with her to find out about some of her favourite event venues and restaurants, her worst event nightmare, event technology she’s looking forward to using one day and what she thinks is the most important trend in our industry.

How long have you been working in events?

I have been working in the industry for over eleven years.

Favourite venue for an event?

The ExCel at the Docklands in London is perfect for large scale exhibitions. The Grand Hotel in Stockholm is a good venue for medium sized conferences. The Taj Lands End hotel in Mumbai is another beautiful venue with excellent conference facilities and friendly staff.

Favourite restaurants?

Texas de Brazil – a Brazilian steakhouse in Miami and Kloof Street House in Cape Town.

Favourite outdoor venue? 

The Kempinski Hotel & Residences Palm Jumeirah in Dubai.

Best event experience?

The Future Cities conference in Nigeria organised by Economist Conferences and attended by three presidents at the same time.

Best event app experience?

The Going Global conference app powered by SpotMe.

What would you say is your biggest challenge when planning an event?

Ensuring all third parties stick to the required deadline when preparing for an event.

What has been your biggest event nightmare?  How did you deal with it?

I have had speakers not showing up for their presentations, delegates fainting on site and a venue experiencing a complete power cut. Staying calm and positive whilst doing whatever it takes to resolve a disastrous situation is the best you can do!

Which industry event do you find most useful?

International Confex in London.

How do you relax after an event?

I do yoga.

Mobile app you couldn’t live without?

Citymapper and Spotify.

Facebook, Twitter or LinkedIn?

When it comes to event marketing, I recommend using all three.

What do you see as the most important trend in the events industry today?

Digitalisation of all and everything.

New event technology you’re looking forward to using one day?

Wider use of QR codes.

What do you think are the key personality traits for a successful event planner?

Ability to stay calm under pressure, great time management, flexibility and leadership. Above all though, positive attitude and being a team player!

What has been the best piece of advice someone has given to you?  Any words of wisdom?

Get involved in as many events as you can from the very start of your career – volunteer, attend, organise. Never stop learning, asking questions and benchmarking against your peers.

 

60-Seconds with University of St Andrews

Scott Francis is an event manager at the internationally renowned University of St Andrews – the oldest university in Scotland.  His team is in charge of managing more than 250 events each year ranging from large conferences that gather around 1,000 delegates to summer schools, weddings, gala dinners and student balls.

EventTech Talk had a chat with him to find out about some of Scotland’s best restaurants and venues, his worst event nightmare and his best piece of professional advice:

How long have you been working in events?

I have worked at the university for 15 months, but worked in the events industry for 6 years before that.

Where is your favourite venue for events?

The Assembly Rooms on George Street in Edinburgh, Scotland is absolutely beautiful and a fantastic size.

What is your favourite restaurant?

A small tapas restaurant in Broughty Ferry called Sol y Sombra. The food is wonderful and the staff are all so professional and friendly.

What would you say is your biggest challenge when planning an event? 

I would have two equally big challenges: The first is short lead time with an event. The second is an unreachable client – a lot of academics have a lot of work on their plate so they’re not always in their office!

What has been your biggest event nightmare?  

I was the manager of the operational team for a large gala dinner in my previous work, and the client was told the maximum number of guests allowed was 590. The day before, we were informed there were 626 tickets sold which meant another 3 tables had to be situated in an already full space. And to make matters worse, none of the guests had received their pre-order wine forms! So the one very small bar for the function was rammed!

How do you relax after an event?

I like to bring my duvet to the sofa and watch endless Netflix.

Mobile app you couldn’t live without? 

WhatsApp Messenger

New technology you’re looking forward to using one day (drones, holograms, AR/VR)? 

How amazing would it be to have a keynote speaker in hologram form presenting from somewhere else in the world!?

If you could have one superpower, what would it be?

To stop time!

What has been the best piece of advice someone has given to you? 

My old boss once said everything happens for a reason. Everything that is sent to test you teaches you something new and you learn every day.

 

 

Delegate Card Payments & Security Compliance: Questions Answered

Enter registration details, make your payment and click submit.  It’s the kind of information most event websites ask for. But when your delegate makes a payment, how do you make sure their card details are kept safe? If your organisation is involved in storing, processing or transmitting any delegate cardholder data – manually or electronically – you need to comply with the Payment Card Industry Data Security Standard (PCI DSS).  And that means meeting tough standards that maximise your delegate’s payment card security – or face the prospect of fines.

Unfortunately, many organisations don’t think about PCI compliance until they are due to be audited, which at best leaves them playing catch-up and at worst means they fail because they haven’t met the requirements. A recent report by Verizon – which assessed more than 5,000 organisations across 30 countries – found that nearly 80% of all businesses failed their interim PCI compliance assessment. More importantly, lack of compliance was linked to data breaches: of all the data breaches studied, not a single company was found to be fully PCI DSS-compliant at the time of breach. The study also found 69% of all consumers were less inclined to do business with a breached organisation [1]. So the stakes of non-compliance are pretty high.

Last month, Eventsforce conducted its own survey with senior event planners in the UK and the US to assess their understanding of delegate payments and PCI-DSS requirements. The results were quite surprising.  Nearly half of those surveyed didn’t know if they were PCI DSS compliant, with 84% not being able to identify compliance requirements and a further 73% unaware of the fines for non-compliance.

So what exactly is PCI-DSS and what do event planners need to know about it? Below are six of the most common questions we come across when discussing issues around delegate payments and data security.

What is PCI-DSS compliance?

If your events are set up to accept payments from delegates via credit or debit cards, then your organisation is obliged to achieve and maintain compliance with the PCI Data Security Standard.  PCI DSS is an information security standard for any organisation handling credit card transactions from the major card schemes, including Visa, MasterCard, American Express, Discover and JCB.  The standard was created to increase controls around cardholder data to reduce credit card fraud. It has three basic components: analysing IT systems for vulnerabilities; patching weaknesses and deleting unnecessarily stored data; and submitting compliance records to banks and card companies (a detailed description of all 12 requirements can be found here).

In the case of events, compliance would mean ensuring that no delegate payment card data is stored unless it is necessary to meet the needs of your event or business. This applies to all types of transactions – electronic (card payments through the event website) or manual (card payments over the phone or on-site). If it is absolutely necessary for you to store this information, then you need to know what you can and can’t do. Sensitive data from the magnetic stripe or chip, for example, may never be stored, but other information such as card numbers (PAN), expiration dates, service codes or cardholder names may be stored if the correct encryption procedures have taken place to ensure data safety (more on this further down).

Isn’t This the Responsibility of My IT/Legal/Finance Department?

Setting policies and procedures around compliance usually is the responsibility of these departments, but adherence to these policies is a shared responsibility across any department dealing with delegate card payments – including the events team. In the case of any fraudulent activity involving the payment card of one of your delegates, a bank can easily trace it back to a PCI-related breach at your organisation and hold you responsible. There are considerable fines associated with non-compliance following a data compromise; these can range from ten to hundreds of thousands of pounds. Many non-compliant organisations have stopped trading because the fines could not be accommodated.

Do I Have to be PCI-DSS Compliant?

PCI-DSS compliance does not just apply to the storage of payment card data but also to the handling of data while it is processed or transmitted over networks or phone lines. While not storing credit card data does eliminate some compliance requirements, the majority of the controls dictated by the DSS remain in effect.

One way of simplifying compliance is to outsource the process to one of the many PCI-DSS-certified payment gateways that meet the required standards, such as Stripe, PayPal, Sage Pay and Worldpay, among others. This makes it possible for delegates to interact with the gateway software directly so that card information never hits your own servers. However, make sure you understand how these payment gateways interface with your event management/registration systems. If your event website integrates with these gateways via an API, then you are still liable for PCI compliance since your servers capture and transmit the credit/debit card data first.

Do I Still Need to Consider it if my Payment Gateway is Compliant?

Yes, if you take delegate/attendee payments offline or over the phone. In our event data security survey, 49% of event planners said they take credit/debit card details from their attendees over the phone. This doesn’t help with PCI compliance unless the information is directly entered into the payment gateway system. Even then, are the card details written down somewhere first?  If so, do you dispose of the paper?  How is the paper disposed of, and when?  Do you email these details to anyone? These are all very important questions that you and everyone else on your team need to keep in mind at all times. So make sure you have the correct policies in place and that your staff are trained to follow all necessary procedures that ensure compliance.

What if I do Need to Store Card Details for Some of my Events?

Our survey found that 11% of event planners ask their attendees to fill in card details within registration forms as a form of deposit on possible extras like transport, hotel rooms, dinners, and so on. Some payment gateways like Stripe have a good way of managing this without making your organisation subject to PCI-DSS regulations.  At a minimum, PCI DSS requires card numbers (PAN) to be unreadable anywhere they are stored (the first six and last four digits are the maximum number of digits that may be displayed).  However, as a general rule, it is not advisable to use registration forms to capture credit card details as it does increase the risk of breach.

What Are the Main Data Security Guidelines for PCI-DSS Compliance?

If you do have a legitimate business reason to store your delegates’ payment card data, it is important to understand what data elements PCI-DSS allows you to store and what measures you must take to protect that data. Below are some basic do’s and don’ts for data storage security:

Data Do’s:

  • DO understand where delegate card data flows for the entire payment transaction process – from initial registration until the completion of the event.
  • DO verify that your payment applications (including third-party applications like PayPal) are PCI-DSS compliant. Have clear access and password protection policies and remember, it is your responsibility to ensure that compliance is not just met but continuously maintained. Security exploits are non-stop and get stronger every day, which is why compliance efforts should be a continuous process.
  • DO retain cardholder data only if authorised and ensure it is protected.
  • DO use strong cryptography to render unreadable any cardholder data that you store, and use other security technologies to minimise the risk of exploits by criminals.

Data Don’ts:

  • DO NOT store cardholder data unless it’s absolutely necessary – delete all data as soon as you know that you no longer need it. Never print or email this information.
  • DO NOT store the 3-digit card validation code on the back of the payment card on paper or in any digital format.
  • DO NOT store any payment card data in unprotected devices such as PCs, laptops or smart phones.
  • DO NOT permit any unauthorised people to access stored cardholder data.

Summary

Understanding and implementing all the requirements of PCI-DSS can seem daunting, especially for those without security or large IT departments.  However, PCI DSS mostly calls for good, basic security.  Even if you don’t have to be PCI-DSS compliant, the best practices we mentioned above are steps that any organisation running events would want to take anyway to protect sensitive delegate data.


For further advice and guidance on event card payment security, please contact our friendly team on 0207 785 6997 or fill in our enquiry form here.

[1] 80 Percent of Businesses Fail Interim PCI Compliance Assessment

60-Seconds with Allianz Insurance

Charley Jennings is the corporate events officer at Allianz Insurance.  Based in their London offices, she works with a team of six people who are in charge of organizing a variety of events from large conferences, dinners, awards, ceremonies and team building days which can gather anywhere between 10 and 600 people at a time.

EventTech Talk had a quick chat with her to find out a little about her favourite venues and restaurants and her biggest event nightmare.

How long have you been working in events?

Around three years in total.  I started at Allianz as a placement student, returned to university to finish my degree and applied for a job when I finished.

Where is your favourite venue for events?

The Shangri-La Hotel at The Shard in London is great for meetings and One Great George Street in Westminster for awards ceremonies.

What is your favourite restaurant?

The Hutong Chinese restaurant at The Shard and SUSHISAMBA for Japanese-Brazilian-Peruvian sushi.

What would you say is your biggest challenge when planning an event?

Time – there doesn’t seem to be enough of it in the day!

What has been your biggest event nightmare? 

We held a large awards ceremony last year and there was a political protest outside the venue the night before the event. We had no idea what time the protest would finish, and if we were going to be allowed near the venue.  After a very long day, we managed to get everything ready and get to the venue before it started!

Mobile app you couldn’t live or work without?

WhatsApp Messenger.

New technology you’re looking forward to using one day?

To be able to use holograms at our conferences would be very exciting.

What has been the best piece of professional advice someone’s given you?

There is no such thing as being too organised!

Lastly, if you could have one superpower, what would it be?

To be able to freeze time!

60-Seconds with Wellcome Trust

Based in London, Susan Bassam is the conference and events organiser at renowned global charitable foundation, Wellcome Trust.  Along with her team, she manages around 60 events each year – from conferences, workshops, dinners and receptions – which attract anywhere between 30-200 attendees.

EventTech Talk had a quick chat with her to find out a little about her best event experiences, favourite venues and her biggest event nightmare.

What has been your best event experience?

Organising a celebration event for the Wellcome Trust’s 75th Anniversary. It was a special occasion and involved transforming the ground floor of our headquarters in London into a glamorous event space for an evening dinner. We invited 180 people to a drinks reception, followed by dinner cooked by Albert Roux.

What is your favourite venue?

For conferences, I would definitely say One Great George Street in Westminster, London.

What is your favourite restaurant?

Le Pont de la Tour by Tower Bridge, London – French cuisine at its best!

What would you say is your biggest challenge when planning an event?

Time or lack of!  Short lead time to organise an event is our biggest challenge.

What has been your biggest event nightmare? 

The day before I was due to fly to Uganda for a conference for 70 people, we heard that there were demonstrations and national unrest in the city, and the only road from the airport to the city was blocked by protestors! After many discussions, the event had to be cancelled.

Mobile app you couldn’t live without?

WhatsApp – it is essential while travelling abroad for keeping in touch with family and friends.

Best event app experience?  

Yet to happen; but currently working on our own event app with Insight Mobile to integrate with Eventsforce.

New technology you’re looking forward to using one day (drones, holograms, AR/VR)?

Aside from our own event app, I would like to see a hologram speaking at one of our conferences!

And lastly, if you could have one superpower, what would it be?

To click my heels and instantly be transported home.

 

If you’d like to take part in our ‘60-Seconds’ series of Q&As with event managers, please get in touch at eventtechtalk@eventsforce.com – we’d love to hear from you!