Pemco Technologies
"I've suggested to other vendors that they act like Pemco."
-Mountain America Credit Union
Compliance

Pemco Technologies complies with strict standards of information security as required by agencies and associations that govern our industry. Below you'll find some details and documentation of our commitment to security standards.

CISP/PCI: What it means and why it matters

Pemco Technologies is CISP/PCI compliant. This compliance means everything to us and to our customers. It guarantees that strong and sophisticated data security measures are in place.

Our company's most recent letter of acceptance from Visa was written on August 3, 2007. The letter states, "Thank you for continuing your participation in the Visa CISP, and for your diligence in operating within the compliance standards of the Payment Card Industry Data Security Standard."

In 2001, Visa introduced its Cardholder Information Security Program (CISP) to strengthen protection of cardholder information. This program was later incorporated into an industry-wide set of safeguards: the Payment Card Industry (PCI) standards for protecting cardholder information. Cardholders have a right to expect their institutions to uphold these standards, and auditors insist upon it.

When Pemco is audited, observance of these standards is checked on all systems where cardholder data is processed, stored, or transmitted. This includes network connections to payment card companies, financial institutions, processing companies, and remote access employees. It also includes Point of Sale (POS) environments that involve IP-based communications (Internet, VPN, dial-in, etc.).

To maintain compliance with CISP/PCI, our company is audited annually, and must meet very stringent requirements. Below are some of the areas that PCI standards examine:

  • Network firewalls. Firewalls control communications traffic into a company’s network, preventing unauthorized access. Detailed firewall specifications must be adhered to.
  • Passwords and configuration. As an example, when a new software system is purchased, the default password must be changed before installation, and the system’s components must be configured for maximum security.
  • Stored and transmitted data protection. Sensitive information must be encrypted, and the storage of such data kept to a minimum.
  • Virus protection. Anti-virus software must be installed on all desktops and e-mail systems and kept up to date.
  • Software updates. The latest security patches to all commercial software must be promptly installed and in-house systems must be well-maintained and tested for security.
  • Access. Sensitive information must be available only to those who need it and are authorized. Each system user must have a unique ID and password for both security and tracking purposes. Visitors to our facility must be properly identified and monitored.
  • Monitoring and testing. All data and communications systems must be monitored (activities are logged) and security systems tested.

When a vendor or auditor contacts your financial institution and inquires as to whether Pemco programs are CISP/PCI compliant, you can be assured that the answer is yes. You can find proof of our CISP compliance on the following page:
Customer Service Forms
(Log-in is required to view this page.)

The PCI requirements are also publicly available at pcisecuritystandards.org.

SAS 70 (Statement on Auditing Standards #70)

SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants. Pemco Technologies is annually subject to an in-depth SAS 70 audit of its control activities (controls over information technology and related processes). You can find our most recent SAS audit here:
Customer Service Forms
(Log-in is required to view this page.)

Disaster Recovery

Pemco recognizes the necessity of maintaining business continuity in the event of a disaster. Solid recovery procedures are in place and regularly tested. You can read our document, "Pemco Disaster Recovery Support for Financial Institutions," on this page:
Customer Service Forms
(Log-in is required to view this page.)
