Updated: December 6, 2017
At Solcioty, LLC, (collectively, “Solcioty,” “we,” “us,” or “our”), the security of Subscriber Data is a high priority. We maintain the Solcioty System, and all associated data, systems, hardware and software, with technical, administrative, and physical safeguards in place to protect against the loss, unauthorized access, destruction, misuse, modification, and improper disclosure of your Subscriber Data, including End User Data. Despite these safeguards, it’s important that you understanding no computer system or information can even be fully protected against every possible hazard; so long as there are hackers, there are risks. While Solcioty cannot guarantee that its systems or your information will be safe, we are committed to providing reasonable and industry- accepted security controls to protect the Solcioty System and Subscriber Data.
BY ACCESSING, VIEWING OR USING ALL OR ANY PART OF THE SOLCIOTY SYSTEM, YOU ARE ACCEPTING THIS POLICY AND THE ENTIERE AGREEMENT. IF YOU DO NOT AGREE, YOU ARE NOT PERMITTED TO ACESS OR USE THE SOLCIOTY SYSTEM AND YOUR UNAUTHORIZED USE MAY BE DEEMED A VIOLATION OF LAW.
BEST PRACTICES FOR YOU TO TAKE TO PROTECT CARDHOLDER DATA AND OTHER END USER DATA
We recommend these practices to minimize the risk of a Cardholder Data breach, or a breach of other personal information related to your End Users. Please take steps to do the following:
- Maintain updated anti-virus software on all workstations engaged in credit card processing and remove any programs that the anti-virus software flags as potentially malicious.
- Restrict permission to install software on those computers to your business owner and/or trusted senior staff.
- Maintain up-to-date versions of operating systems (e.g., Microsoft Windows or Macintosh OS) and web browsers (e.g., Internet Explorer, Chrome, Safari or Firefox), with all security
updates and patches installed.
- Ensure that every individual that logs into the Solcioty System has a unique username and password that is known only by that individual.
- Only store credit card account numbers in encrypted credit card fields designed for that purpose.
- Destroy any hard copy documents that have Cardholder Data written on them.
- Follow the Payment Card Industry Data Security Standard (“PCI DSS”), if you accept Visa, MasterCard, American Express, or Discover credit cards for payment.
Please do not do the following:
- Share your account or password;
- Record Cardholder Data in notes, contact logs, or other unencrypted text fields within the Solcioty System;
- Record Cardholder Data in any locally installed software program, unless that program and your computer network meet all PCI requirements; or
- Email End User’s credit card numbers, ask End Users to email credit card numbers to you, or record credit card track data.
STEPS SOLCIOTY IS TAKING TO PROTECT YOUR SUBSCRIBER DATA
- PCI Compliance. Solcioty complies with standards set forth by the PCI Security Standards Council to protect Cardholder Data. Solcioty encrypts all stored credit card numbers, we enable restricted firewalls to protect stored data, and we use 128-bit SSL certificates to encrypt data during transfer between the web browser and Solcioty’s database.
Approved Scanning Vendor (“ASV”) delivers accurate vulnerability scanning and actionable reporting which enables the Solcioty Network Operations Center to quickly rank risks
and gauge compliance against PCI-DSS Standards. Daily Vulnerability Assessments monitor the Solcioty network perimeter against daily threats to help protect you and us from
hackers, data breaches, adware, spyware, pop-ups, browser exploits, and phishing attempts.
- Training and Education. Solcioty makes sure that its employees and staff recognize the importance of personal information protection, and the protection of your Subscriber
Data. We have established internal rules and policies related to the access and use of Subscriber Data, and encourage you to do the same with your employees and staff. Our
rules and policies are continually assessed, maintained and enforced.
- Personnel Security Measures. Solcioty’s technical or management personnel with access to Subscriber Data are subject to background checks prior to hiring, and must sign
non-disclosure and data security agreements that protect both Solcioty and Subscriber Data.
- Following Laws and Industry Best Practices. Solcioty complies with all applicable laws, as well as accepted industry best practices, when dealing with your Subscriber Data.
RISK OF LOSS
Solcioty’s responsibility to protect your Subscriber Data, including Cardholder Data, applies only after such information is encrypted and received by Solcioty’s server(s). You remain responsible for the proper handling and protection of Cardholder Data until such Cardholder Data is encrypted and received by our server(s). Your ability to successfully do this depends on the degree to which you are able to successfully implement the best practices described above and comply with all PCI guidelines.
CHANGES TO THE SECURITY POLICY
Solcioty reserves the right to change this Security Policy. Solcioty will provide notification of the material changes to this Security Policy through a notification on its website, or via email at least thirty (30) business days prior to the change taking effect.
If you have any questions regarding this Security Policy, please contact us by email at
1145 First Avenue
Columbus, GA 31901