PAYMENT CARD DATA SECURITY
Our Commitment
We maintain systems, equipment and process controls to ensure that your payment card data will never be stolen or inadvertently released into the wrong hands. We train our personnel on these controls and emphasize our commitment that data security is of the highest importance.
What is the Requirement?
Infinite Electronics has implemented controls that are fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), the industry standard for protecting payment card data. PCI compliance refers to the technical and operational standards that businesses must follow to ensure that payment card data provided by cardholders is fully protected. PCI compliance is enforced by the PCI Standards Council, and all businesses that store, process or transmit payment card data electronically are required to follow their compliance guidelines.
Our Approach
Infinite Electronics partnered with one of the most respected cyber security consultants to evaluate the proper protections for the kinds of payment card data exchanges that we are involved in. A cornerstone to our approach is to ensure that no payment card data is stored within our Enterprise Resource Planning (ERP) system. Instead, payment card transactions are performed on a network that is physically segregated from the ERP network and coordinated with a fully compliant third party service provider known as PayPal. PayPal is an industry leader in handling payment card transactions and securing transactions for other companies. Within our ERP, we only maintain tokens provided by PayPal. This enables us to process these transactions without maintaining the actual card numbers and the tokens can be revisited for additional authorized transactions over time. These randomized tokens cannot be linked in our systems to any personally identifiable information. If tokens were to be lost or stolen, they could not be used for any purchases nor could they be used to divulge any customer information of any sort.