Click & Pledge is a PCI Level 1 provider. PCI DSS compliance standards require strict adherence to a large number of security requirements to maintain our certification. All servers, workstations, network connections, products and offices are audited annually by a 3rd party PCI DSS qualified security assessor (QSA).
Additionally, both the official QSA and an additional 3rd party performs in-depth scans and vulnerability tests quarterly.
Some of the requirements for security include:
- All servers must maintain up-to-date system patches, and antivirus software.
- All firewalls and security appliance patches are up-to-date.
- Only employees with specific needs are able to access any system within the Click & Pledge network.
- Encryption protocols are the most secure available. Weaker encryption methods are retired on a strict schedule.
- Two-Factor authentication and high-level encryption is required for employee access from outside of our network.
- Physical access to Click & Pledge’s offices and data centers are controlled and monitored 24/7.
- Other security procedures, above and beyond PCI requirement include:
- Firewall and security appliance logs are monitored continuously. Any attempted intrusions are blocked immediately.
- Our Internet service is monitored continuously to maintain maximum network performance.
- There are no wireless devices within the Click & Pledge network.