Payment Information Security Policy – PCI DSS Compliance Policy

Introduction

To safeguard SCP Housing Authority’s information technology resources and to protect the confidentiality of data, adequate security measures must be taken. This PCI DSS( Payment Card Industry Data Security Standards)Policy reflects SCP Housing Authority’s commitment to comply with required standards governing the security of sensitive and confidential information.

Purpose / Scope

This security policy is written to specifically address the security of data used by the Payment Card Industry. The policy provides guidelines to protect SCP Housing Authority’s systems and data against misuse or loss. The primary purpose of this security policy is to establish rules to ensure the protection of credit card information and to ensure protection of SCP Housing Authority information technology resources. Credit card data stored, processed, or transmitted with SCP Housing Authority’s Merchant ID with our Virtual Merchant Terminal Provide Convenient Payments, LLC, dba IntelliPay (“IntelliPay”) must be protected and security controls must conform to the Payment Card Industry Data Security Standard (PCI DSS). Cardholder data within this document is defined as the Primary Account Number (PAN), Card Validation Code (CVC, CVV2, and CVC2), Credit Card PIN, and any form of magnetic stripe data from the card (Track 1, Track 2). This security policy applies to all users of computer systems, centrally managed computer systems, or computers authorized to connect to SCP Housing Authority’s data network. Individuals working for institutions affiliated with Loyola University Maryland are subject to these same definitions and rules when using SCP Housing Authority’s information technology resources. This security policy applies to all aspects of information technology resource security including, but not limited to, accidental or unauthorized destruction, disclosure or modification of hardware, software, networks or data.

SCP Housing Authority  uses Convenient Payments, LLC, dba IntelliPay (“IntelliPay”) as a Virtual Merchant Terminal to Process Payments.

Please Reference the below sections from Convenient Payments, LLC, dba IntelliPay (“IntelliPay”) Privacy Policy

“Convenient Payments, LLC, dba IntelliPay (“IntelliPay”)is committed to maintaining robust privacy protections for its users.  The terms “we,” “us,” and “our” refer to IntelliPay, IntelliPay.com, and its affiliates. “You” refers to you, as a user of our website. Our Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using our website.

By using our website, you accept our Privacy Policy and you consent to our collection, storage, use and disclosure of your personal information as described in this Privacy Policy.

“Customer” refers to the customer of an organization that provides the IntelliPay platform for accepting and processing payments.  “IntelliPay Platform” refers to the software developed by IntelliPay to accept and process transactions.

COLLECTION OF INFORMATION

Within this website, no account or personal information is obtained for storage on our or our transfer agent’s systems other than information you enter. This information is used only to provide you with the information or materials that you specifically request.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We collect the domain name and other user information of site users and visitors to our website, aggregate information on what pages site users and visitors access or visit, and user-specific information on what pages site users and visitors access or visit.

The information we collect is used to improve the content of our web page, used to notify site users and visitors about updates to our web site, shared with agents or contractors who assist in providing support for our internal operations, and used by us to contact site users and visitors for marketing purposes, but not shared with other organizations for commercial purposes. This information is collected through web server logs and cookies that allow us to track the aggregated statistics and data from our visitors as they utilize our website.

PERSONAL INFORMATION

We do not collect personal information from you unless you provide it to us in conjunction with an application for a merchant account or any other service we offer. The information collected such as your name, company name, financial account information (e.g. credit card information, bank account information), date of birth, social security number, tax number, or Employer Identification Number, bank account number, email address and phone number, is used for the underwriting, approval and set up required for the service you request.

We do not license, sell, rent or trade any collected business information about your account or other personal information unless you request it. The personal information you provide is to help complete a transaction initiated by you, or the disclosure is otherwise lawfully permitted or requested. We will share your personal information with third parties only in the ways that are described in this privacy policy.

We may provide your personal information to companies that provide services to help us with our business activities, such as shipping your order or offering customer service. These companies are authorized to use your personal information only as necessary to provide these services to us.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

If IntelliPay is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information, to any other third-party with your prior consent to do so.

SECURITY

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can contact us at support@intellipay.com.

CORRECTING AND UPDATING YOUR PERSONAL INFORMATION

Upon request, we will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by contacting your sales representative directly, or you may contact us at  support@intellipay.com or 855-872-6632. We will respond to your request within a reasonable timeframe.

CUSTOMER TRANSACTION INFORMATION

If you are a customer of an organization that offers the IntelliPay platform to accept and process transactions, and when as a customer make payments or conduct transactions through our application, we will receive your transaction information. The information that we collect will include payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase, and payment method. Different payment methods may require the collection of different categories of information. The implementation by the organization that provides the IntelliPay platform for payment processing will determine the payment methods that it enables you as a customer to use, and the payment method information that we collect will depend upon the payment method that you choose to use from the list of available payment methods that are offered to . When you as a customer make a transaction, we may also receive your name, email, billing or shipping address and in some cases your transaction history to authenticate you.

When we conduct fraud monitoring, prevention and detection activities, we may also receive Personal Data about you from our business partners, financial service providers, identity verification services, and publicly available sources (e.g., name, address, phone number, country), as necessary to confirm your identity and prevent fraud. Our fraud monitoring, detection and prevention services may use technology that helps us assess the risk associated with an attempted transaction.”

Security Policy Ownership and Responsibilities The Director of the Security Advisory and Compliance at ACT Technologies  is the assigned custodian of this PCI DSS Compliance Policy. It is the responsibility of the custodian of this security policy to publish and disseminate these policies to all relevant SCP Housing Authority’s system users. In addition, the custodian must see that the security policy addresses and complies with all standards SCP Housing Authority’s is required to follow to meet PCI DSS certification requirements. This policy document will be reviewed annually by the custodian and updated as needed to reflect changes to business objectives or the risk environment. Individuals or Business Entities Questions or comments about this policy should be directed to contact us.