Data Encryption Policy

PCI DSS Requirements

To protect our loyal members from a potential data breach, Alert1 abides by all the PCI DSS requirements set by the PCI Security Standards Council (SSC).

There are six control objectives within the DSS requirements, and each objective is broken down into sub-requirements. Overall, there are a total of 12 high-level requirements for compliance (which have not changed since the inception of the standard). They are as follows:

Control Objectives and PCI DSS Requirements

Build and maintain a secure network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program
5. Use and regularly update anti-virus software on all systems commonly affected by malware
6. Develop and maintain secure systems and applications

Implement strong access control measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly monitor and test networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an information security policy
12. Maintain a policy that addresses information security


The Payment Card Industry and the Data Security Standard

Companies can only be considered Payment Card Industry (PCI) Compliant once they’ve met the requirements set by the PCI Security Standards Council (SSC). The Data Security Standard (DSS) is “designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment”. This standard was created to increase controls around cardholder data and so reduce credit card fraud. In the same way that doctors must comply with HIPAA, companies like Alert1 must abide by the PCI DSS.

Alert1 is PCI Compliant

One of the major things the SSC requires of us is to take, and pass, the annual Self-Assessment Questionnaire (SAQ). The purpose of the SAQ is to determine whether a company is doing what it should to achieve or maintain PCI compliance. The SAQ asks specific questions about what our organization does on the back end of IT, amongst other things, to stay PCI compliant. Alert1 passed this year with flying colors!

The SSC also requires quarterly audits of our IT infrastructure and configurations. Our next audit is coming up in a few weeks, and we’re sure to pass it like the ones before it. All of Alert1’s server, router, and firewall configurations are in compliance with PCI DSS requirements. Furthermore, Alert1 had specific policies created in order to better achieve PCI DSS compliance.

At Alert1, we also implement many procedures to adhere to PCI DSS. To name a few, Alert1 stops call recordings when obtaining credit card information and utilizes shredding boxes with locks. These shredders are meant for invoices or papers containing unused credit card information, thus preventing information from being leaked. Call recordings are stopped to ensure that those who listen later don’t hear anything deemed sensitive. 

You’re in Good Hands

Every company has vulnerable spots, but by taking necessary measures such as these, we can reduce the risk.

Having your credit card information stolen is no laughing matter. With the advent of the Internet, credit card theft is getting easier and easier. No longer do we have to just worry about pickpockets—now we must be wary of the pocket pickers of the internet.

Once the damage is done, it’s a long and arduous journey back to feeling secure again. Not to mention, dealing with the authorities and banks is no fun. It’s a hassle that you could do without. Be selective about who you choose to conduct business with. You can reduce the risk of having your information stolen.

At Alert1, we value confidentiality. We carry this belief with us throughout all aspects of our business. From doing the basics like following PCI DSS requirements, to going beyond by using locked shredders, Alert1 will always protect your information. Just like how a doctor would never blab about your extra toe, Alert1 would never improperly handle your credit card information.