Data Security & Network Infrastructure
Since our founding in 2008, Privacy and Security has been a top priority. E-Fraud Security adheres to strict security and privacy compliance guidelines ensuring optimal privacy and security practices. The following statement and practices apply to both information collected by users of our websites and information provided by merchants using our CardProber Verification Services.
Overview: E-Fraud Security does not collect or store credit card numbers from its clients to conduct its verification services. Additionally, Personal Identifiable Information (PII) such as customer email addresses, telephone numbers and sales data provided by merchants are always kept private and secured. E-Fraud Security, complies with industry standards as set forth in this document.
Data Center Security: All sensitive electronic data is stored and encrypted by cloud-distributed data centers managed by Microsoft Azure (CSP) which comply with SSAE 16 International Security Standards and are ISO 27001 Certified. All servers meet and adhere to the SOC 1, SOC2 and SOC 3 Framework.
Internal Networks, Computers and Personnel: To ensure we maintain a constant, high level of security and reliability, we have implemented the U.S. federally developed NIST Comprehensive Security Framework (CSF). The CSF Framework ensures that our organization properly Identifies, Protects, Detects, Responds and Recovers data breaches. CSF ensures that we have proper security measures such as 2-factor Authentication, up-to-date firewalls and virus protection. It ensures that proper training and background checks are conducted on all our personnel. It ensures that we have an active framework to detect data breaches, network breaches and suspicious activity by our personnel who have access to critical data.
Independent Security Audits: Being compliant with NIST Comprehensive Security Framework (CSF), ensures that we conduct periodic, independent security audits.
Additional Measures: In an effort to meet the growing customized demands from selected Enterprise Companies, E-Fraud Security is working diligently to make the CardProber application available as a licensed, self-contained version which can be hosted on a client’s server. This option will further enhance and secure a client’s Security Framework and concerns and avoid the need to transfer or expose their sensitive data outside of their organization. We expect to have this option readily available in 4th quarter 2016.