Security Policy
Twinkle Star Baby & Party Store Security Policy
1. PURPOSE
The purpose of this policy is to establish business processes and procedures for accepting payment cards at Twinkle Star Baby & Party Store that minimize risk and provide the greatest value, security of data, and availability of services to each merchant account, within the rules and regulations established by the Payment Card Industry (PCI) and articulated in the PCI Data Security Standard (DSS). These standards are implemented by FAC (First Atlantic Commerce), whose secure services we use to handle our online credit card transactions.
2. BACKGROUND
In response to increasing incidents of identity theft, the major payment card companies created the Payment Card Industry Data Security Standard (PCI DSS) to help prevent theft of customer data. PCI DSS applies to all businesses that accept payment cards for goods or services. Compliance with this Standard is enforced by the payment card companies, and noncompliance is generally discovered when an organization experiences a security breach that involves cardholder data.
3. DEFINITIONS
Cardholder
The customer to whom a payment card has been issued or the individual authorized to use the card.
Cardholder Data
All personally identifiable data about the cardholder (i.e., account number, expiration date, cardholder name.)
Encryption
The process of converting information into an unintelligible form to anyone except holders of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process against unauthorized disclosure.
Merchant or Merchant Department
For the purposes of the PCI DSS and this policy, a merchant is defined as Twinkle Star Baby & Party Store integrating the use of standard credit card services (MasterCard or VISA) as payment for goods and/or services on this.
Merchant Department Responsible Person (MDRP)
A management employee at our main physical location who has primary authority and responsibility for payment card and eCommerce transaction processing within that department.
Payment Card
Any payment card/device that bears the logo of MasterCard Worldwide, or VISA, Inc.
Payment Card Account Change
Any change in the payment account including, but not limited to:
- the use of existing payment card accounts for new purposes;
- the alteration of business processes that involve payment card processing activities;
- the addition or alteration of payment systems;
- the addition or alteration of relationships with third-party payment card service providers; and
- the addition or alteration of payment card processing technologies or channels.
Payment Card Industry (PCI) Data Security Standard (DSS)
A multi-faceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
Sensitive Authentication Data
Security-related information (e.g., the CVV) used to authenticate cardholders, appearing in plain-text or otherwise unprotected form.
4. APPLICABILITY
This policy applies to all users of the Twinkle Star Baby & Party Store website with respect to the handling of their credit card information by the company's administrators, its bank and FAC.
5. ACCEPTABLE PAYMENT CARDS
Twinkle Star Baby & Party Store currently accepts VISA and MasterCard with 3-D Secure technology and uses the services of FAC, through its bankers at Republic Bank Trinidad and Tobago, for processing payment card transactions.
6. PAYMENT CARD FEES
All card transaction fees are incurred by Twinkle Star Baby & Party Store as a periodic payment made to our bankers. Customers pay the listed price for products plus the relevant shipping cost, in TT currency, as listed on the website.
7. REFUNDS
When a good or service is purchased using a payment card and a refund is necessary, the refund must be credited back to the account that was originally charged. Purchases made in cash will be refunded in cash. All refunds are processed in store.
8. CHARGEBACKS
Occasionally a customer may dispute a payment card transaction, ultimately leading to a chargeback. In the case of a chargeback, the merchant department that initiated the transaction is responsible for notifying accounts and for providing appropriate supporting documentation.
9. MAINTAINING SECURITY
- For all online payments, the protocols for entering and using personal and credit card data are subject to the Payment Card Industry Data Security Standard (PCI DSS) as implemented by FAC (First Atlantic Commerce); as such, all credit card transactions are processed securely.
- Twinkle Star Baby & Party Store prohibits the transmission of cardholder data or sensitive authentication data via email, phone or hand-written mail as these are not secure.
- Twinkle Star Baby & Party Store requires that all external service providers that handle payment card information be PCI compliant.
- Twinkle Star Baby & Party Store restricts access to cardholder data to those with a business “need to know.”
- For electronic media, cardholder data shall not be stored on servers, local hard drives, or external (removable) media including floppy discs, CDs or thumb (flash) drives unless encrypted and otherwise in full compliance with PCI DSS.
- For paper media, cardholder data shall not be stored unless approved for legitimate business purposes.
10. TRAINING
Employees who are expected to be given access to, or who handle, the system used for cardholder data shall be required to complete, upon hire and at least annually thereafter, security awareness training focused on cardholder data security. Employees shall be required to acknowledge at least annually that they have received the training, understand the cardholder security requirements, and agree to comply with them.
