PNGMAKET is an independently registered subsidiary of Zacq Industries Network, so this policy is covered by Zacq Industries Network (www.zacqindustries.com and www.zacqindustries.net).


This policy governs the management of cardholder data security standards, with compliance maintained through a third-party PCI DSS compliant entity.

PCI DSS includes technical and operational requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to prevent credit card fraud, hacking and various other security vulnerabilities and threats. The standards apply to all organizations that store, process or transmit cardholder data.

Reason for the Policy:
The standards are designed to protect cardholder information of patrons that utilize a credit card to transact business with Zacq Industries. This policy is intended to be used in conjunction with the complete PCI-DSS requirements (through our Merchant Service Provider) as established and revised by the PCI Security Standards Council.

Entities Affected by this Policy:
Zacq Industries and all third-party entities that collect, maintain or have access to credit card information must comply with this policy. These currently include:

  • Zacq Industries website,
  • servers and all connected databases,
  • all third-party entities that process cardholder data for any reason, whether business or legal.

 

Who Should Read this Policy:
All persons who have access to credit card information, including:

  • Every employee who accesses, handles or maintains credit card information. Zacq Industries employees include full-time, part-time and temporary staff members.
  • Technical staff responsible for scanning Zacq Industries’ system to ensure no credit card numbers are stored electronically.

Definitions:
Merchant Account with a Merchant ID (MID) – A relationship between Zacq Industries and Bank South Pacific in order to accept credit card transactions. The merchant account is tied to a general ledger account to distribute funds appropriately to Zacq Industries for which the account was set up.

Merchant – Zacq Industries staff or entities who have oversight responsibility for the regulation/standard. Regulation monitors stay abreast of updates to their respective regulations, ensure policies are up to date and notify BSP and Respective Clients about changes.

Credit Card Data – Full magnetic stripe or the PAN (Primary Account Number) plus any of the following: cardholder name, expiration date, service code.

PAN – Primary Account Number is the payment card number (credit or debit) that identifies the issuer and the particular cardholder account. It is also called Account Number.

Zacq Industries policy prohibits the storing of any credit card information in an electronic format on any computer, server or database including Excel spreadsheets. It further prohibits the emailing of credit card information.

Storage and Disposal:

  • Credit card information must NOT be stored on Zacq Industries’ network servers, workstations, or laptops.
  • Credit card information must NOT be transmitted via email.
  • Although electronic storage of credit card data is prohibited by this policy, Zacq Industries will perform a quarterly network scan to ensure that the policy has not been violated.
  • All credit card processing machines must be programmed to print out only the last four or first six characters of a credit card number.
  • Securely dispose of sensitive cardholder data when no longer needed for reconciliation, business or legal purposes. In no instance shall this exceed four years. Secured destruction must be via shredding, either in-house or with a third-party provider with a certificate of disposal.
  • Neither the full contents of any track from the magnetic stripe nor the three-digit card validation code may be stored in a database, log file, or point of sale product.

 

Third Party Vendors (Processors, Software Providers, Payment Gateways, or Other Service Providers)
Ensure that all third-party vendors adhere to all rules and regulations governing cardholder information security. Contractually require that all third parties involved in credit card transactions meet all PCI security standards, and that they provide proof of compliance and efforts at maintaining ongoing compliance.

Training:
Ongoing training programs must be offered to train employees on PCI DSS and the importance of compliance.

Responsible Organization/Party:
Zacq Industries management shall serve as the Coordinator of the policy, which includes responsibility for notifying the Client(s), Bank and other third-party entities about changes to the policy.

Enforcement:
The management of Zacq Industries will oversee enforcement of the policy.

In case of any reported incident, Zacq Industries will proceed with a response in line with industry standards and the Merchant Service Provider's response policies.

Changes to this policy will be communicated to affected stakeholders by Zacq Industries.

Contact enquiries@zacqindustries.net for any matters relating to this policy.