Certifications Safekeeping Online Transactions
Providing safe and secure transaction solutions is always a priority at Helcim. By creating a trusted system, we have enabled customers to feel confident in making purchases through us, bringing value to our merchants and partners. This quick guide explains some of the security precautions we undertake to ensure that all of our systems serve their purpose securely and swiftly. For more information on our practices and certifications, please contact us.
PCI Data Security Standards
The Payment Card Industry Data Security Standards (PCI DSS) are the core of all of our cardholder data security. PCI DSS is a security program developed by major credit card companies to safeguard cardholder data and prevent the theft or loss of such information. Among its many requirements, it dictates server security requirements, coding practices and the requirements for passing cardholder data through our systems towards major banking networks.
TrustWave, our security assessor, performs routine audits as well as security scans on all of our servers. Thanks to our continuing efforts, we have been successfully audited and accredited for the following programs:
- VISA USA - (CISP - Cardholder Information Security Program)
- VISA International - (AIS - Account Information Security)
- MasterCard Worldwide - (SDP - Site Data Protection)
- American Express - (DSOP - Data Security Operating Policy)
- Discover Network - (DISC - Discover Information Security and Compliance)
- JCB - (PCI DSS mandate)
Strong Encryption Practices
At the heart of every secure online environment is a Secure Sockets Layer (SSL) certificate. These certificates are issued by trusted providers such as GeoTrust (a VeriSign company) and are used by the user's browser to identify the server they are connecting to. We utilize SSL encryption throughout our website, from our shopping carts, to our gateways, to our merchant store management tools. With 128-bit encryption, the highest commercial SSL achievable, customers and merchants can be assured that their information will only be directed where intended.
Outside of direct web communications between users and our servers, we also enforce encryption practices on our online data storage that meet all PCI DSS requirements. Any cardholder data that is stored in our databases is processed through AES 256-bit encryption. Merchant account passwords are protected using an unbreakable cryptographic one-way hash storage method. Employee workstations are also required to use hard drives with full-disk encryption, which prevents the recovery of sensitive data in the event of equipment theft.
The Importance of Uptime
Our server network has been designed to maintain cardholder data integrity in a fast and reliable environment that minimizes downtime. This network environment is powered by Linux and protected by hardware firewalls that block all communications outside of required ports. Diesel-powered backup generators provide electricity during blackouts, and electronic card access, man-traps at every entrance, and full-time security staff provide the physical protection needed.
At the base of each of our online services is a group of servers that handle traffic and script activities while others conduct database queries. When traffic load exceeds certain levels, new read-only slave servers are deployed and load-balancers ensure that operations continue to function quickly. Database servers ensure data integrity and uptime using RAID5 hard disk imaging, allowing for operations to continue even in the event of a disk failure.
For more information on the Payment Card Industry Data Security Standards, please visit: