How to protect your client data while complying with PCI anti-fraud measures

What would you do if you were asked to install monitoring software on your network? Gary Allen Gardner of Rosi & Gardner, P.C. in Traverse City, Michigan, shares how he resolved a recent troubling request his firm received.

We were contacted by our credit card processing company regarding “PCI Compliance” (Payment Card Industry). By email and a subsequent list of questions, they wanted to install a piece of scanning and monitoring software on our network to “ensure compliance” with all credit/debit card anti-fraud measures.

I refused. I think that it would breach a lawyer’s ethical duty to safeguard confidential client information to allow such scanning and monitoring. In our case, it would probably also violate the terms of other certifications that we have made to information service providers (LexisNexis and Thomson West/Reuters) regarding the protection of stored Social Security Numbers and related regulated information. In our case, it would probably also violate our certification to an institution we do collection work for, which provides us with SSNs and related information, and we annually certify that we have taken measures to ensure the protection of that information.

Our solution? I spoke with our IT consultant, and we are establishing a second, separate network (separate IP scheme, isolated from our internal network) solely for the credit card processing machine. Then, we will be compliant, with no risk of breaching client confidentiality or information protection agreements.

According to our IT consultant, some of the firewalls that lawyers are presently using have the capability to run a second network, or VLAN. If not, the device replacement costs about $600 and a couple of hours of IT time to configure it. Inexpensive insurance and solution.
