Presently, PCMS has no subsidiary companies that would require the exchange of information.
Access to personal information is restricted to those employees who need to know that information in order to provide products and administrative services to you. We maintain physical, electronic and procedural safeguards to enable our clients to protect your personal information.
PCMS currently takes a number of steps to ensure the safety and security of the data provided. Below is a list of the procedures we have implemented to manage the risk associated with processing your data.
Secure Data Storage and development
All of our production servers are housed in an SSAE 16 SOC-1 Type II, PCI, SOX and HIPAA compliant datacenter located in Dallas, TX. Hosting the central servers in a secure facility provides improved disaster recovery and data security for all of our clients.
- Redundant 10G IPv4 and IPv6 networks
- Preaction fire protection and environmental controls
- Inside and outside security cameras with 100+ day video life span
- Weekly backup UPS and generator testing
- Dallas flood-free zone
- Rich underground fiber to Dallas carrier hotels
- Multiple fiber entrances into the building
- Options to connect to any carriers in Dallas
- Raised floor with cold and hot aisle separation
- 24/7 On-site staff and support
- 24x7 Remote "hands and eyes"
- Bandwidth monitoring
- Multi-layer security
- Access restricted via biometric fingerprint readers
- Additional Benefits
Financial and payment security
PCMS partners with Cybersource to process online payments. Cybersource is a payment management company that currently serves half of the Internet 500, leading brands, as well as small businesses.
With Cybersource, our clients get:
- Single transaction and subscription payments
- Fraud management tools and fully managed services
- Payment security/PCI compliance (w/built-in security scanning)
Eliminating payment data from our network is the only way to ensure that sensitive personal information isn't compromised during a security breach. Tokenization is the replacement of sensitive data with a unique identifier that cannot be mathematically reversed. In our environment, tokens take the place of sensitive credit card or check data for customers subscribed to a recurring payment plan. Typically, the token will retain the last four digits of the card or account number as a means of accurately matching the token to the payment method owner. The remaining numbers are generated using proprietary tokenization algorithms.
How it works
To make a purchase on one of our websites, the customer enters their payment information into the designated payment fields on the order page. When the customer hits the 'submit' button, the data is immediately encrypted and transmitted directly to CyberSource for storing, processing, and token generation. The payment data never enters our environment, which ensures that we (PCMS) can't store any of your payment information.
The encrypted primary account number (PAN) is decrypted when it enters CyberSource's Level 1, PCI-compliant data vault, where it is securely stored. The payment data is then passed on to the processing channel (bank) and returned to CyberSource with an accepted or denied result.
CyberSource returns the result to us, but substitutes the PAN data with a uniquely generated token. We then store the token in our database for future transactions or chargeback resolution on that account. Customer service representatives can easily verify customers because the token retains the last four digits of the original PAN.
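The flow described above, sketched as an added example; it is not PCMS's or CyberSource's code. The names `Vault`, `first_payment`, `recurring_payment` and `verify_last_four` are hypothetical, and a Luhn checksum stands in for the bank's accept/deny decision.

```python
# Added illustration with hypothetical names; the Luhn check stands in for the bank.
import secrets

def luhn_ok(number: str) -> bool:
    """Standard card checksum, used here as the simulated accept/deny decision."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class Vault:
    """Processor side: the only place where PAN and token are linked."""
    def __init__(self):
        self._pan_for = {}    # token -> PAN
        self._token_for = {}  # PAN -> token, so one card always maps to one token

    def _tokenize(self, pan: str) -> str:
        if pan in self._token_for:
            return self._token_for[pan]
        while True:
            # Random digits, not derived from the PAN, so nothing can be reversed;
            # same length and last four digits so the token fits legacy card fields.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._pan_for:
                break
        self._pan_for[token] = pan
        self._token_for[pan] = token
        return token

    def first_payment(self, pan: str) -> dict:
        """Result returned to the merchant: the decision plus a token, never the PAN."""
        pan = pan.replace(" ", "")
        if not pan.isdigit() or not 13 <= len(pan) <= 19:
            raise ValueError("PAN must be 13 to 19 digits")
        return {"result": "accepted" if luhn_ok(pan) else "denied",
                "token": self._tokenize(pan)}

    def recurring_payment(self, token: str) -> str:
        pan = self._pan_for.get(token)  # a token unknown to the vault maps to nothing
        return "accepted" if pan is not None and luhn_ok(pan) else "denied"

def verify_last_four(stored_token: str, last_four: str) -> bool:
    """Merchant side: customer service checks a caller against the stored token only."""
    return secrets.compare_digest(stored_token[-4:], last_four)
```

The merchant database in this sketch would hold only the `token` value from the response, which is what a breach of that database would expose.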
Benefits of Tokenization
- Reduces PCI DSS Scope
- Renders payment data meaningless to hackers
- Chargebacks and payment reconciliation can take place without handling payment data
- Not mathematically reversible
- Format fits legacy payment data fields
- Integrates with Account Updater to automatically update payment data for fewer failures
We back up our clients' data in a number of different ways:
- Incremental backups of live sites' databases are performed every 15 minutes throughout each day and are kept for up to a week.
- A full data backup is also performed for all live sites each day and kept for up to roughly 2 weeks.
- We keep up to 8 weeks of each weekly backup.
- At the end of each month, we do a full backup and keep those for up to 1 year.