The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. This policy applies to all systems, networks, and processes that we use to store, process, or transmit cardholder data. This includes all electronic systems and paper-based processes.
How do we process payments?
All storage, processing, or transmission of cardholder data is outsourced to a PCI Compliant third party. We require that all third-party payment providers submit a valid PCI DSS compliance certificate, or undergo a PCI DSS assessment by a qualified security assessor (QSA). We:
- Assign a unique ID to each person with computer access.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Encrypt transmission of cardholder data across open, public networks.
How do we store cardholder data?
i g w t technology does not store electronic cardholder data information in any format on any medium for any amount of time. We may store cardholder data in written or printed format for a period of time that does not exceed business or legal reasons. We:
- Protect stored cardholder data.
- Restrict access to cardholder data by business need-to-know.
- Restrict physical access to cardholder data.
Questions?
We regularly assess our compliance with PCI DSS and monitor the PCI DSS compliance of all third-party payment providers on an ongoing basis. Users with questions regarding PCI Compliance, account data use, or questions on any data use matter, should contact: support@igwt.dev.