|
Payment Card Policy
This is our policy regarding the processing, storage and transmission of credit card information including paper and electronic records and the encryption of those records.
We do not EVER record or store credit card numbers, magnetitc stripe contents, or card security codes in any non-transient mediumn, including paper records or any kind of non-transient electronic media such as email, databases, text messages, or instant-messaging systems. For example, we might enter a card number into a secure web form for payment processing, but we do not save the card number for future use.
Our recurring billing services are operated by PCI-compliant service providers outside of our premises, so it is not necessary for us to store card number, magnetic stripe, or card security codes to provide automated recurring payment processing.
When we display card numbers in receipts or receipts, we only ever display the last four digits of the card number.
We do not transmit card numebrs for any purpose other than to process payment and credit transactions. When we do transmit card numbers, they are always encrypted using strong digital encryption, with at least 128-bit keys, signed by internationally-recognized certificat-signing authorities..
We renew our encryption certificates annually. If we learn that an encryption key has been compromised, we take action immediately to replace it.
We maintain PCI compliance for all our payment card-related systems. If we learn that a payment card-related system is not PCI-compliant, we take action immediately to re-establish PCI compliance.
All key custodians have attested in signed, written documents that they understand and accept their custodial responsibilities according to this policy.
|
