 |
|
| Data Encryption and CISP/PCI Compliance |  |
|
|
|
Did you know your online ordering vendor must be CISP/PCI certified and compliant or you may face fines up to $500,000 per loss incident and could permanently lose your merchant account? Keep reading... Delphis Software is CISP compliant and PCI Certified and meets or exceeds the Payment Card Industry (PCI) data security standards. These standards are required network security and business practice guidelines developed by Visa, MasterCard, American Express and Discover Card. The standards were developed to establish security with regards to the protection of customer data. Using any vendor that does not comply with the PCI security standard may result in substantial fines or your permanent expulsion from card acceptance programs. To maintain PCI Certification, extensive quarterly examinations of our systems are performed by independent auditors which maintain stringent credidation by the bank card issuers. It is particular important to determine if a vendor is CISP/PCI certified by the bank card companies. It is not sufficient that the vendor’s gateway supplier is certified. The online ordering vendor itself must also be certified or you may face fines up to $500,000 per incident and could permanently lose your merchant account. Check with the security department of your card merchant account for specific details. Fines have been levied and accounts closed. This stringent new requirement is now mandatory! All customer data is encrypted for even greater protection... Data encryption and protection is so important and crucial that a stand-alone white paper could be written solely on the subject. Each company should have a clear understanding of its policies and procedures of how data is managed, where it is stored, and if and when sensitive data is ever allowed outside the secure area of the data center. Furthermore, companies should also know the same policies and procedures of each of its vendors who also maintain company data upon their systems. As most know, there have been many instances in the recent news of financial institutions, computer companies, and even the US Government losing sensitive and private data through unauthorized hacking of supposedly secure systems. Delphis Software is the only vendor that employs on-the-fly encryption of all customer data via dedicated on-board controller encryption devices prior to such data being written to storage mediums. This is a critical point; at no time is unencrypted data maintained on storage devices for even a moment. Our data centers are protected by superior physical means and cutting-edge advanced technology; however Delphis takes the extra step of protecting against the unthinkable. In the very unlikely event that our systems are breached by unauthorized persons, no data can be ever recovered. In addition, Delphis Software adheres to a strict policy of never allowing sensitive data outside the safe and secure environment of its ultra secure Network Operations Centers. We have no ‘offsite’ backups nor do we ever have a need to remove data from our NOC’s for any reason whatsoever. Avoid a legal and public relations nightmare! Imagine the legal and public relations nightmare if your online ordering provider, or any other vendor, were to lose the personal and private records of your customer base. There are very real legal ramifications if a company does not understand or has not completed due diligence into a vendor’s storage and handling of company data. Data encryption and proper data handling are an absolute requirement for any vendor of your company. Delphis Software alleviates these nightmare scenarios by military-strength encryption and strict adherence to policies and procedures. We stand ready to discuss our methods, security policies, and data handling procedures with your IT staff, and to further explain the only in-line encryption process in the industry. |