Data Encryption Policy

PCI DSS Requirements

To protect our loyal members from a potential data breach, Alert1 abides by all the PCI DSS requirements set by the SSC.

There are six control objectives within the DSS requirements, and each objective is broken down into sub-requirements. Overall, there are a total of 12 high-level requirements for compliance (which have not changed since the inception of the standard). They are as follows:

Control Objectives and PCI DSS Requirements (comparison columns: Alert1, Competitors)
Build and maintain a secure network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data
  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks 

Maintain a vulnerability management program
  1. Use and regularly update anti-virus software on all systems commonly affected by malware
  2. Develop and maintain secure systems and applications

Implement strong access control measures
  1. Restrict access to cardholder data by business need-to-know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Regularly monitor and test networks
  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes

Maintain an information security policy
  1. Maintain a policy that addresses information security

The Payment Card Industry and the Data Security Standard

Companies can only be considered Payment Card Industry (PCI) Compliant once they’ve met the requirements set by the PCI Security Standards Council (SSC). The Data Security Standard (DSS) is “designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment”. This standard was created to increase controls around cardholder data to reduce credit card fraud. In the same way that doctors must comply with HIPAA, companies like Alert1 must abide by the PCI DSS.

Alert1 is PCI Compliant

One of the major requirements the SSC sets is that we take and pass the annual Self-Assessment Questionnaire (SAQ). The purpose of the SAQ is to determine whether a company is doing what it should to achieve or maintain PCI compliance. The SAQ has specific questions that ask our organization what it does on the back end of IT, amongst other things, to stay PCI compliant. Alert1 passed this year with flying colors!

You’re in Good Hands

Every company has vulnerable spots, but by taking necessary measures such as these, we can reduce the risk.

Having your credit card information stolen is no laughing matter. With the advent of the Internet, credit card theft is getting easier and easier. No longer do we have to just worry about pickpockets—now we must be wary of the pocket pickers of the internet.

Once the damage is done, it’s a long and arduous journey back to feeling secure again. Not to mention, dealing with the authorities and banks is no fun. It’s a hassle that you could do without. Be selective about who you choose to conduct business with. You can reduce the risk of having your information stolen.

At Alert1, we value confidentiality. We carry this belief with us throughout all aspects of our business. From doing the basics like following PCI DSS requirements, to going beyond by using locked shredders, Alert1 will always protect your information. Just like how a doctor would never blab about your extra toe, Alert1 would never improperly handle your credit card information.