This is a PCI inquiry but it seems appropriate for this forum.  The PCI discussion per the PCI blogs, etc have focused on system security.  But how are NFPs planning to deal with ensuring security of CC information when taken by volunteers at field events such as golf tournaments, dinner galas, thons and the like?  For the very large thon events where credit card information may be taken on registration forms on site, how are other NFPs planning to ensure that they can document compliance with credit card security standards?  Is it sufficient to educate and supervise?  I don't think it's reasonable to assume that every event has credit card machines with telephone lines where there is simply no visible data retained for some period of time. 

I'm interested in how others are approaching documenting off-site compliance.

Rena, Not sure what type of event you are involved with, but my experience is at auctions/gold with card swipers linked via an app downloaded to the laptop(s), not hooked up to a phone line but uploaded after the event. It is a total breeze, with laptops loaded with the app and the guest data, if pre-registered, or if not, registered on the spot, a simple swipe and a click to accept, and they are off. Post-event, you reconcile purchases and non-cc payments after which the charges are then uploaded for collection. Mary Jo