Proven by Security Experts

We are a PCI Compliant Certified organization and take extreme measures to protect your biggest asset: your members. Many of the organizations we support are selling insurance and financial service products to their members. We understand the importance of securing your member data.

Talk to Someone Now! Call 800.734.9304 to speak to Devin Tisdale. Otherwise, click below for additional details:

Security

As a PCI Compliant organization, we strive to keep your data well protected. Three of our major security categories are: PCI Compliance, application security, and system security.

PCI Compliance

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.

Our Security Team

Our security team meets weekly to discuss PCI changes, newly found vulnerabilities, and areas for improvement. This team is composed of our software architects, security-certified engineers, support and network staff. We make our best efforts to take immediate action on our risks.

Routine Scanning

We routinely scan our services using the McAfee PCI Certification Service. In addition, many of our customers routinely scan our services with their own trusted PCI partner. These scanning tools are continuously updated with the latest techniques. Any vulnerability findings from these scanners are immediately brought to the attention of the security team, which decides on the appropriate response.

 

Application Security

Role Based Security - Roles, Groups and Users

You have the ability to create an unlimited number of groups and users. These can be further coupled into a higher level, called "roles." When specifying permissions you first identify the role, group or user and then specify permissions to allow. For example, you can create a "Marketing Admin" role having the ability to create campaigns, change workflows, and be the only group that can change the status of a complaint to "closed." It's all under your control.

Every Object, Process and Field.

Each part of the system, each workflow, each process and each field can be secured with permissions that you define. With an initial installation, we will set these up for you based on your organization's rules.

Authentication Rules

How users authenticate into the application and their password requirements can be controlled from within the application. You choose:

  • How frequently users must change their passwords
  • Password strength criteria
  • How quickly an account will lock out
  • Employee PIN Quick Swap rules

System Security

Credit Card and Sensitive Data

Based on your organization's preferred approach, we support two different methods to obfuscate/secure your data: Three-Tiered Encryption and Tokenization.

Three-Tiered Encryption is the process of placing the encrypted data directly in your database; however, the keys to the data reside in separate security zones. No single employee ever holds enough of the key to retrieve the data. In addition, we use only strong encryption with large keys, making your data absolutely secure.

For our large clients, we tend to use a newer security strategy called tokenization. Tokenization is the process of replacing key pieces of sensitive information with a token that is stored locally. The sensitive information resides on the token server, which is in a separate network security zone. For more information on tokenization, see: Wiki Page for Tokenization

Server and Network Security

Your membership software resides behind a firewall, and only those connected through the VPN can connect. Any system that can perform transactions against the membership system must have VPN connectivity to the membership web services. These services are an isolated part of the application and first require hardware- and software-based authentication prior to accessing the service authentication routine.
