Presently, PCMS has no subsidiary companies that would require the exchange of information.
Access is restricted to personal information to those employees who need to know that information in order to provide products and administrative services to you. We maintain physical, electronic and procedural safeguards to enable our clients to protect your personal information.
There are a number of steps PCMS currently utilizes to ensure the safety and security of data provided. Below is a list of current procedures we have implemented to manage risk associated with processing your data.
All of our production servers are housed in a SSAE 16 SOC-1 Type II, PCI, SOX, HIPAA compliant datacenter located in Dallas, TX. Housing the central server hosting in a secure facility provides improved disaster recovery and data security for all of our clients.
PCMS partners with Cybersource to process online payments. Cybersource is a payment management company that currently serves half of the Internet 500, leading brands, as well as small businesses.
With Cybersource, our clients get:
Eliminating payment data from our network is the only way to ensure that sensitive personal information isn’t compromised during a security breach. Tokenization is the replacement of sensitive data with a unique identifier that cannot be mathematically reversed. In our environment, tokens take the place of sensitive credit card or check data for customers subscribed to a recurring payment plan. Typically, the token will retain the last four digits of the card or account number as a means of accurately matching the token to the payment method owner. The remaining numbers are generated using proprietary tokenization algorithms.
To make a purchase on one of our websites, the customer might enter their payment information into the designated payment fields on the order page. When the customer hits the ‘submit’ button, the data is immediately encrypted and transmitted directly to CyberSource for storing, processing, and token generation. The payment data never enters our environment which ensures that we (PCMS) can’t store any of your payment information.
The encrypted primary account number (PAN) is decrypted when it enters CyberSource’s Level 1, PCI-compliant data vault, where it is securely stored. The payment data is then passed on to the processing channel (bank) and returned to CyberSource with an accepted or denied result.
CyberSource returns the result to us but substitutes the PAN data with a uniquely generated token. We then store the token in our database for future transactions or chargeback resolution on that account. Customer service representatives can easily verify customers as the custom token will retain the last four digits of the original PAN.
We backup our client’s data in a number of different fashions: