Credit card payments made on the Great Lakes Council website are processed by Doubleknot. Doubleknot's data security standards are adopted from the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The Payment Card Industry Security Standards Council is an organization whose members include American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International. The standard helps organizations that process payments prevent fraud through increased controls around data and its exposure to compromise. While PCI DSS is not law, Doubleknot is required to maintain PCI DSS Level 3 compliance to process payment transactions. Doubleknot maintains PCI DSS Level 3 compliance for all payment transactions and all personally identifiable data.
Validation of Doubleknot's compliance is performed by Security Metrics, Inc., and compliance is assessed quarterly. The validation of compliance covers the following twelve topics of data security, and within each topic there are a number of requirements that must be met. Failure to meet any single requirement results in non-compliance.
- Maintain a firewall configuration to protect data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored personally identifiable and payment data
- Encrypt transmission of personally identifiable and payment data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to personally identifiable and payment data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to personally identifiable and payment data
- Track and monitor all access to network resources, personally identifiable data and payment data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
Compliance is enforced by the entities facilitating our payment transactions: the card brands we accept (Visa, MasterCard, Discover and American Express) and our acquirers (PayPal, Inc. and Authorize.net, Inc.). This means that if Doubleknot becomes non-compliant, one or more of the card brands we accept or our acquirers can stop our ability to process payments, increase our audit requirements and/or assess a fine of up to $500,000.
Doubleknot has maintained PCI DSS compliance since 2006.
This policy does not apply to the practices of companies, such as software publishers, that GLCBSA does not own or control or to people that GLCBSA does not employ.
When you process a payment through our web site, we will ask for your credit card details. We securely pass that information on to a payment processor to handle the authorization and charging of your order total to this account. See also the “Credit Card Security” link on our web site.
Using and Sharing the Information
We collect information and do not share your personal information with, or sell or rent it to, any other party. In the unlikely event that your information is requested through a subpoena, we would be obliged to share only the information requested.
GLCBSA may, at its discretion, amend this policy from time to time. If we make substantial changes in the way we use your personal information, we will notify you by posting a prominent announcement on our pages.