Because sensitive payment data does not enter their systems, the Convention Center is able to reduce PCI DSS scope and liability.