Overview

Faith Direct is fully compliant with the security requirements set forth by the Payment Card Industry (PCI) Security Standards Council. As a Level 1 merchant our systems are subject to quarterly external vulnerability scans and a comprehensive annual on-site recertification process. Supporting documentation is available upon request.

Faith Direct maintains an annual SOC 2 report performed by an independent accounting firm in accordance with the attestation standards developed by the American Institute of Certified Public Accountants (AICPA). Supporting documentation is available upon request.

All Faith Direct transactions are governed by the rules of the Federal Reserve and the National Automated Clearing House Association (NACHA). Faith Direct also maintains extensive errors and omissions and crime insurance policies.

Faith Direct will only share information with the organization to which enrolled members are giving, so that it may accurately record member contributions. Faith Direct will never rent, sell, exchange or lend your personal information to any other third party. See our Privacy Policy for details.

PCI Compliance
Faith Direct is fully compliant with the security requirements set forth by the Payment Card Industry (PCI) Security Standards Council. As a Level 1 merchant our systems are subject to the highest level of scrutiny defined by the Payment Card Industry Data Security Standard (PCI DSS). The systems and procedures practiced by Faith Direct meet or exceed each of the 12 requirements of the PCI DSS. Faith Direct's systems are subject to quarterly external vulnerability scans and a comprehensive annual on-site assessment performed by a Qualified Security Assessor (QSA). The Faith Direct Certificate of Compliance is available for download. Faith Direct is also listed on the Visa and MasterCard lists of compliant service providers:

- Visa Compliant Service Providers List
- MasterCard Compliant Service Providers List
What is PCI?

The Payment Card Industry Data Security Standard is a comprehensive set of requirements designed to protect payment account data. These standards, known as the PCI DSS, were developed by the Payment Card Industry Security Standards Council and are accepted by all major payment brands, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

The PCI DSS has been broadly adopted to maintain a consistent data security standard that is centrally maintained by members from all parts of the payment card and security industries. The PCI DSS takes a multifaceted approach to protecting payment card information. This approach, which includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures, gives organizations a method for proactively protecting customer financial data.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:
Build and Maintain a Secure Network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security
All merchants, whether small or large, need to be PCI compliant. While enforcement of the PCI DSS is left to each payment brand, the standard is adopted by all of them, so every merchant processing credit cards must be PCI DSS compliant. A merchant that is not validated as PCI compliant is subject to fines and may have its ability to process credit cards revoked. For more information on the PCI DSS please visit the website of the PCI Security Standards Council.

SOC 2 Audit

The Service Organization Control 2 (SOC 2) report is an attestation standard issued by the American Institute of Certified Public Accountants (AICPA). It was introduced in 2011 as part of the SOC framework that replaced the SAS 70 audit. An auditor's examination performed in accordance with SOC 2 (a "SOC 2 audit") includes an in-depth review of the service organization's controls, often including controls over information technology and related processes. Undergoing such an audit is widely recognized as a mark of an organization's commitment to controlling risk across its operations. The SOC 2 report documents the controls in place at a service organization relevant to security, availability, processing integrity, confidentiality and privacy (the AICPA Trust Services Criteria). Independent auditors evaluate the controls in place and their effectiveness in limiting risk over a review period of several months. The report provides a description of the organization's controls and the independent auditor's opinion as to whether those controls are suitably designed and operated effectively to meet the specified criteria.
Faith Direct completes an annual SOC 2 report which examines the controls in place in our program's procedures to confirm that the criteria evaluated by the independent auditor were met throughout the audit period. The controls implemented by Faith Direct satisfied every criterion evaluated by the independent SOC 2 auditor. The resulting report contains an unqualified opinion, meaning the auditor found the controls suitably designed and operating effectively, without exception, during the audit period. To request a copy of the Faith Direct SOC 2 report please contact a Faith Direct representative.

Insurance

Faith Direct maintains the following insurance policies through The Hartford Company:

- General Liability
- Errors and Omissions
- Crime
For more specific information, or to request certificates of insurance, please contact a Faith Direct representative. Faith Direct employees are subject to full criminal and credit background checks to limit the risk of criminal activity. The Crime Policy specifically covers the following insuring agreements:

- Employee Theft
- Depositors' Forgery and Alteration
- Theft, Disappearance and Destruction of money, securities and other property
- Computer and Funds Transfer Fraud
Privacy

Faith Direct will only share information with the organization to which enrolled members are giving, so that it may accurately record member contributions. Faith Direct will never rent, sell, exchange or lend your personal information to any other third party. See our full Privacy Policy for details.