SCPHA Payment Information Security Policy
Payment Information Security Policy – PCI DSS Compliance Policy
To safeguard SCP Housing Authority’s information technology resources and to protect the confidentiality of data, adequate security measures must be taken. This PCI DSS( Payment Card Industry Data Security Standards)Policy reflects SCP Housing Authority’s commitment to comply with required standards governing the security of sensitive and confidential information.
Purpose / Scope
This security policy is written to specifically address the security of data used by the Payment Card Industry. The policy provides guidelines to protect SCP Housing Authority’s systems and data against misuse or loss. The primary purpose of this security policy is to establish rules to ensure the protection of credit card information and to ensure protection of SCP Housing Authority information technology resources. Credit card data stored, processed, or transmitted with SCP Housing Authority’s Merchant ID with our Virtual Merchant Terminal Provide Convenient Payments, LLC, dba IntelliPay (“IntelliPay”) must be protected and security controls must conform to the Payment Card Industry Data Security Standard (PCI DSS). Cardholder data within this document is defined as the Primary Account Number (PAN), Card Validation Code (CVC, CVV2, and CVC2), Credit Card PIN, and any form of magnetic stripe data from the card (Track 1, Track 2). This security policy applies to all users of computer systems, centrally managed computer systems, or computers authorized to connect to SCP Housing Authority’s data network. Individuals working for institutions affiliated with Loyola University Maryland are subject to these same definitions and rules when using SCP Housing Authority’s information technology resources. This security policy applies to all aspects of information technology resource security including, but not limited to, accidental or unauthorized destruction, disclosure or modification of hardware, software, networks or data.
SCP Housing Authority uses Convenient Payments, LLC, dba IntelliPay (“IntelliPay”) as a Virtual Merchant Terminal to Process Payments.
“Customer” refers to the customer of an organization that provides the IntelliPay platform for accepting and processing payments. “IntelliPay Platform” refers to the software developed by IntelliPay to accept and process transactions.
COLLECTION OF INFORMATION
Within this website, no account or personal information is obtained for storage on our or our transfer agent’s systems other than information you enter. This information is used only to provide you with the information or materials that you specifically request.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We collect the domain name and other user information of site users and visitors to our website, aggregate information on what pages site users and visitors access or visit, and user-specific information on what pages site users and visitors access or visit.
The information we collect is used to improve the content of our web page, used to notify site users and visitors about updates to our web site, shared with agents or contractors who assist in providing support for our internal operations, and used by us to contact site users and visitors for marketing purposes, but not shared with other organizations for commercial purposes. This information is collected through web server logs and cookies that allow us to track the aggregated statistics and data from our visitors as they utilize our website.
We do not collect personal information from you unless you provide it to us in conjunction with an application for a merchant account or any other service we offer. The information collected such as your name, company name, financial account information (e.g. credit card information, bank account information), date of birth, social security number, tax number, or Employer Identification Number, bank account number, email address and phone number, is used for the underwriting, approval and set up required for the service you request.
We may provide your personal information to companies that provide services to help us with our business activities, such as shipping your order or offering customer service. These companies are authorized to use your personal information only as necessary to provide these services to us.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
If IntelliPay is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information, to any other third-party with your prior consent to do so.
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at firstname.lastname@example.org.
CORRECTING AND UPDATING YOUR PERSONAL INFORMATION
Upon request, we will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by contacting your sales representative directly, or you may contact us at email@example.com or 855-872-6632. We will respond to your request within a reasonable timeframe.
CUSTOMER TRANSACTION INFORMATION
If you are a customer of an organization that offers the IntelliPay platform to accept and process transactions, and when as a customer make payments or conduct transactions through our application, we will receive your transaction information. The information that we collect will include payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase, and payment method. Different payment methods may require the collection of different categories of information. The implementation by the organization that provides the IntelliPay platform for payment processing will determine the payment methods that it enables you as a customer to use, and the payment method information that we collect will depend upon the payment method that you choose to use from the list of available payment methods that are offered to . When you as a customer make a transaction, we may also receive your name, email, billing or shipping address and in some cases your transaction history to authenticate you.
When we conduct fraud monitoring, prevention and detection activities, we may also receive Personal Data about you from our business partners, financial service providers, identity verification services, and publicly available sources (e.g., name, address, phone number, country), as necessary to confirm your identity and prevent fraud. Our fraud monitoring, detection and prevention services may use technology that helps us assess the risk associated with an attempted transaction.”
Security Policy Ownership and Responsibilities The Director of the Security Advisory and Compliance at ACT Technologies is the assigned custodian of this PCI DSS Compliance Policy. It is the responsibility of the custodian of this security policy to publish and disseminate these policies to all relevant SCP Housing Authority’s system users. In addition, the custodian must see that the security policy addresses and complies with all standards SCP Housing Authority’s is required to follow to meet PCI DSS certification requirements. This policy document will be reviewed annually by the custodian and updated as needed to reflect changes to business objectives or the risk environment. Individuals or Business Entities Questions or comments about this policy should be directed to contact us.