Security

PCI Level 1 Certified

Click & Pledge is a PCI Level 1 provider. PCI DSS compliance standards require strict adherence to a large number of security requirements to maintain our certification. All servers, workstations, network connections, products and offices are audited annually by a 3rd party PCI DSS qualified security assessor (QSA). Additionally, the QSA performs in-depth scans and vulnerability tests quarterly. Other tests and scans are performed on a semi-annual or annual basis. 

Some of the requirements for security include: 

• All servers must maintain up-to-date system patches, and antivirus software. 

• All firewalls and security appliance patches are kept up-to-date. 

• Only employees with specific needs are able to access systems within the Click & Pledge network. 

• Encryption protocols are the most secure available. Weaker encryption methods are retired on a strict schedule. 

• Two-Factor authentication and high-level encryption is required for employee access from outside of our network. Additional two-factor authentication is required to access specific computer systems once inside. 

• Physical access to Click & Pledge’s offices and data centers are controlled with a logged Access Control System. Additionally, CCTV monitors the office and data-center 24/7. 

• Other security procedures, above and beyond PCI requirement include:  

• • Firewall and security appliance logs are monitored continuously using multiple collection/analysis applications. Any attempted intrusions are blocked immediately. 

• • Our Internet service is monitored continuously to maintain maximum network uptime and performance. 

• • There are no wireless devices inside the Click & Pledge security perimeter. 

• • All web-server requests pass through multiple layers of security checks prior to reaching our servers.