Payment Card Security Policy
This policy outlines GuardMetrics compliance with Payment Card Industry (PCI) Data Security Standards (DSS).
PCI-DSS is a set of business practice guidelines used to establish security standards designed to protect customer’s payment card information. It is required for all merchants that store, transmit, or process payment card information to comply with PCI-DSS guidelines. PCI-DSS is enforced by the credit card industry to ensure payment card data is protected from theft and fraud.
GuardMetrics senior staff including the Company’s President and CEO will review this policy annually in accordance with PCI compliance requirements.
Card Holder Data Protection
Credit card payment information will not be stored, transmitted, or otherwise captured outside of GuardMetrics third party PCI compliant payment processing system. In order to protect customers from potential theft or fraud, payment card account numbers displayed in GuardMetrics payment processing system and customer receipts are masked to only reveal the last for characters of the payment card account information.
Payment Card Data Encryption
Payment Card Data is encrypted during transmission and while at rest via secure servers. Physical hard copy records containing confidential and sensitive information such as card holder and/or card payment data will not be generated or stored.
Access to GuardMetrics payment processing system is restricted to only those individuals whose job duties require such access and who are appropriately trained. Such privileges are assigned to individuals based on job classification and function.
Incident Response Procedure
A PCI Compliance Incident Response procedure has been developed in case of the event of a security breach.
All payments processed by GuardMetrics are in US Dollars.