PCI Compliance Policy
PCI Compliance Policy for Payment Systems
- Introduction - This policy outlines the Utah Association of Mortgage Professionals' adherence to the Payment Card Industry Data Security Standard (PCI DSS) requirements. Our payment processing systems—both online and mobile—are designed to protect cardholder data in compliance with PCI DSS standards.
- Scope - This policy applies to all payment transactions made through our third-party online payment processor and our mobile payment system via Square terminals. It covers the protection of cardholder data and the procedures we follow to ensure the security of this information.
- Responsibilities -
- Board Members and Staff: Ensure adherence to PCI DSS standards when handling payment systems.
- Third-Party Providers (Online Processor): Ensure their platform is PCI-compliant and regularly audited.
- Square Terminal Users: Ensure the Square terminal is used in compliance with PCI DSS and is regularly updated to meet security requirements.
- Data Security Standards - We adhere to the following PCI DSS standards to ensure cardholder data is protected:
- Encryption of Cardholder Data: All sensitive payment information is encrypted during transmission across open, public networks.
- Limited Data Storage: We do not store cardholder data such as credit card numbers, expiration dates, or CVVs beyond the transaction process.
- Access Control: Only authorized personnel have access to cardholder data.
- Monitoring and Testing: We regularly monitor our payment systems for any potential vulnerabilities and conduct regular testing to ensure they meet PCI DSS requirements.
- Use of Third-Party Payment Processor -
- Online Payments: All online payments are processed through a secure, PCI DSS-compliant third-party payment gateway. The provider is responsible for ensuring that transactions are processed securely and cardholder data is protected.
- Square Terminal Payments: Our mobile payment processing through Square terminals is also PCI-compliant. The Square terminal is configured to ensure secure transactions, and all payments are encrypted to meet PCI standards.
- Incident Response - In the event of a data breach or suspected compromise of cardholder data:
- Immediate Action: We will notify all affected parties and take immediate steps to secure the system.
- Investigation: A thorough investigation will be conducted to determine the cause and scope of the breach.
- Reporting: Any incidents involving cardholder data will be reported to the appropriate authorities and regulatory bodies as required by PCI DSS.
- Regular Audits and Compliance Reviews - We conduct regular PCI DSS audits to ensure ongoing compliance. Our third-party processors and Square terminals are subject to the same regular reviews to verify they remain PCI compliant.
- Contact Information - If you have any questions or concerns about our PCI compliance policy or if you believe there has been a breach in our payment systems, please contact us at info@uamp.org.