What we do to keep your personal information secure
Vincento Payment Solutions Ltd and its payment provider CQR Payment Solutions GmbH are committed to protecting the security of your data. We use a variety of security technologies and procedures to meet this commitment.
CQR Payment Solutions GmbH achieved PCI Compliance Level 2 by 29th of March 2006. The next stage to reach PCI Compliance Level 1 began in December 2006. This culminated in a three day Onsite Audit in October 2007, which was passed first time.
PCI explained:
Visa, MasterCard, American Express and Discover have defined worldwide payment security standards that together form the PCI (Payment Card Industry) standard. All companies which transmit, process or store credit card data are encouraged to conform to the PCI standard.
The industry standard PCI DSS includes 12 key requirements for organisations that accept or processes card payments:
- Install and maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for passwords or other security parameters
- Protect stored data
- Encrypt the transmission of cardholder data and sensitive information
- Use and regularly update anti-virus software
- Develop and maintain securer systems and applications
- Restrict access to data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
More details about security standards that will be applicable for Vincento are also applicable for CQR and you can find it on www.cqrpayments.com
Location Security
Besides making use of advanced encryption techniques to protect transaction information, CQR’s systems are located in a physically secure environment, ensuring that the financial data of our partners and their customers is never threatened. Such advanced measures are a prerequisite for our PCI Compliance Level 1.
Resilience
kalixa.com uses VeriSign services, which means this website can secure your private information using a Thawte SSL Certificate. Information exchanged with any address beginning with https:// is encrypted using SSL before transmission, as follows:
Site name: kalixa.com
SSL Certificate Status: Valid (23-08-2011 to 22-08-2012)
Company: Vincento Payment Solutions Ltd
Encrypted Data Transmission:
Identity Verified: Vincento Payment Solutions Ltd has been verified as the owner or operator of the web site located as kalixa.com. Official records confirm Vincento Payment Solutions Ltd as a valid business.
About SSL certificates
- Secure Sockets Layer (SSL) technology protects web sites and gives customers reassurance.
- An SSL Certificate enables encryption of sensitive information during online transactions
- Each SSL Certificate contains unique, authenticated information about the certificate owner
- Every SSL Certificate is issued by a Certificate Authority that verifies the identity of the certificate owner
As additional protection for our customers, Kalixa has signed up to the MasterCard SecureCode® and Verified by Visa® payment protection methods for debit and credit cards.
How we will communicate with you
We will communicate with you primarily by letter and email, using only the contact details with which you provided us on registration. We may also call you or return a call. In all these forms of communication, we will always use your first name, surname and your eAccount number.
If a communication is verbal, we may ask you to answer one or both of your memorable questions.
We will never ask you:
- To email, write, or tell us your password – the only place you will ever use your password is on the Kalixa website, to Log In or as additional security on key screens.
- To email, write, or tell us your PIN code – the only place you will need to use your PIN is at an ATM or a point of sale terminal in a store or other purchasing environment.
What you can do to keep your personal information secure
- Keep any account passwords secret and make sure they cannot easily be guessed (e.g. your date of birth or your name)
- Immediately sign your Kalixa Card when you receive it
- Keep your Kalixa Card secure in a safe place at all times and do not allow any other person to use it
- Don’t let your Kalixa Card or card details out of your sight whilst making a transaction
- Memorise the Personal Identification Number (PIN) and then immediately destroy any note of it – never write it down
- Don’t tell anybody your PIN, including friends, family, merchants or even members of the Kalixa Team. We will never ask you to disclose your PIN.
- Keep the keypad shielded when entering your PIN in a shop or at cash machines, so that others cannot see it
- Use secure websites by ensuring that the security icon (locked padlock or unbroken key symbols) is showing in the bottom of your browser window, or check the website address, which should begin https:// rather than http://
- Only access shopping sites by typing the address into your web browser – never go to websites from a link in an email and then enter personal details
- If you have any concerns about the accuracy of a transaction on your statement, contact us immediately
Further information
'Phishing' is the term used for the activities of criminals who create and use fraudulent emails and associated websites. These are designed to look like e-mails and websites of well-known legitimate businesses, financial institutions, and government agencies.
These emails and websites are created in order to deceive Internet users into disclosing their bank and financial account information or other personal data such as mother’s maiden name, addresses, usernames and passwords. This information could then be used for criminal purposes, such as identity theft and fraud.
The threat from phishing is small, but it is always better to be alert.
For more information visit: www.getsafeonline.org or www.banksafeonline.org.uk