Introduction
At jdmrim.com, the security of our customers’ payment information is of utmost importance. This policy outlines the measures we take to ensure the secure transmission, processing, and storage of payment card details in compliance with the Payment Card Industry Data Security Standard (PCI DSS) and other applicable regulations.
Encryption and Data Protection
- Data Transmission: All payment card information collected from customers is encrypted using Secure Sockets Layer (SSL) technology before transmission over the Internet. This ensures that all data passed between the web server and browsers remains private and unaltered in transit.
- Encryption Standards: We use strong encryption, such as AES-256, for the encryption of transmitted and stored data. Our encryption methods meet or exceed industry standards.
Secure Network Infrastructure
- Firewalls: We deploy comprehensive firewall and router configurations to protect data assets. These firewalls are configured to deny traffic by default and permit only necessary communications as required for business operations.
- Intrusion Detection Systems (IDS): We monitor and analyze network traffic for signs of unauthorized activity with advanced intrusion detection systems.
- Secure Protocols: Only secure communications protocols are used for transmitting data, including HTTPS and TLS, to safeguard against interception and hacking.
Access Control
- Authentication and Authorization: We implement strong access control measures to limit access to payment card data based on business need-to-know. Multi-factor authentication (MFA) is required for all systems that store, process, or transmit payment card details.
- Least Privilege: Access is granted on the principle of least privilege, which ensures individuals have access only to the data and resources necessary for their job functions.
Regular Testing and Monitoring
- Vulnerability Assessments: Regular vulnerability scans and penetration tests are conducted to identify and address potential security vulnerabilities.
- Logging and Monitoring: We maintain detailed logs that record all access to payment card data. Monitoring tools are employed to alert our security team to potential or actual breaches.
Compliance and Training
- PCI DSS Compliance: Our operations comply with all applicable requirements of the PCI DSS. We regularly review our compliance with a qualified security assessor (QSA).
- Staff Training: All employees involved in processing payment card details undergo regular training on security policies and procedures. This includes training on how to identify and prevent phishing, social engineering, and other types of cyber attacks.
Incident Response and Management
- Incident Response Plan: We have a formal incident response plan that includes immediate containment and eradication of threats, forensic analysis, and communication to affected parties without undue delay.
- Data Breach Notification: In the event of a data breach involving payment card details, we will notify customers, regulatory authorities, and other stakeholders in accordance with applicable laws and regulations.
Contact Information
For questions or concerns about our security practices, or to report a security issue, please contact our Security Team at contact@jdmrim.com.