
PCI DSS: What it means and why it matters
JHA Payment Processing Solutions is PCI DSS compliant. This compliance means everything to us and to our customers. It guarantees that strong and sophisticated data security measures are in place.
In 2001, Visa introduced its Cardholder Information Security Program (CISP) to strengthen protection of cardholder information. This program was later incorporated into an industry-wide set of safeguards: the Payment Card Industry (PCI) standards for protecting cardholder information, now known as PCI DSS (Payment Card Industry Data Security Standards). Cardholders have a right to expect their institutions to uphold these standards, and auditors insist upon it.
When Payment Processing Solutions is audited, observance of these standards is checked on all systems where cardholder data is processed, stored, or transmitted. This includes network connections to payment card companies, financial institutions, processing companies, and remote access employees. It also includes Point of Sale (POS) environments that involve IP-based communications (Internet, VPN, dial-in, etc.).
To maintain compliance with PCI DSS, our company is audited annually and must meet very stringent requirements. Below are some of the areas that PCI standards examine:
When a vendor or auditor contacts your financial institution and inquires as to whether Payment Processing Solutions programs are PCI DSS compliant, you can be assured that the answer is yes.
The requirements are publicly available at pcisecuritystandards.org.
SAS 70 (Statement on Auditing Standards #70)
SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants. JHA Payment Processing Solutions is annually subject to an in-depth SAS 70 audit of its control activities (controls over information technology and related processes).
Disaster Recovery
JHA Payment Processing Solutions recognizes the necessity of maintaining business continuity in the event of a disaster. Solid recovery procedures are in place and regularly tested.
If your institution needs copies of these or any other compliance documents, please visit Digital Compliance and log in. For log-in information, contact Chad Christensen at 800-881-7488, extension 403491.