Compliance and Security
Compliance
DMP is Level 1 PCI DSS compliant. (PCI DSS is a mandatory global standard established by the major card associations to ensure the protection of cardholder data.) Based on 12 guidelines, the PCI DSS requires a merchant’s physical and virtual environments be secure to ensure protection of cardholder data. The PCI DSS requires building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.
DMP utilizes PCI DSS practices when processing online, EFT, ACH transactions, and ICL transmissions.
Security
DMP processes and manages all donations, payments, and data in a safe and secure environment. This is the highest priority for our company and our clients. Given today’s world, we understand your concerns and have created the maximum level of accuracy and security for every client. DMP’s security focus extends well beyond typical direct response processing firms.
Facilities
DMP’s two 30,000 square foot facilities were specifically built for our business and are not accessible to the public. Outside doors are locked at all times and employees enter a specific location with security card. Each employee’s security card allows access to their particular work area only. All employees are bonded. Visitors, once vetted, are required to have a personal escort. More than 60 security cameras monitor the interior and exterior premises with digital recordings 24/7. Any funds requiring overnight storage are locked in fire-proof vaults, with separate security systems and very limited access by designated management.
Workplace security is provided by a combination of electronic card control systems, high-resolution motion sensitive digital video surveillance systems, and onsite personnel. Movement throughout the facility is further tracked by usage of electronic card keys. The entire DMP HQ campus is alarmed and an off-site service continuously monitors security systems for fire, smoke, and unauthorized entry. Fire extinguishment systems are throughout the buildings.
Production
Each DMP production area is independently secure as well. Highly-refined production processes require that multiple employees are involved in critical functions, with both continuous audits and management oversight. Robust login criteria assures the highest level of access to applications by designated employees. Client data is accessed and processed only by those personnel screened and authorized to work on a particular account. Each DMP employee has a unique login and password that must be used to access customer data. Supervisors monitor the use of these IDs and passwords to ensure that only authorized personnel access applications and client data.
DMP’s internal network is highly secure and protected from outside access by advanced firewall technologies. Only specific ports are opened from inside for applications used by internal employees. A small number of authorized external applications are allowed to access DMP’s internal network, and are continuously monitored. All other traffic flows inside out. All servers and workstations utilize eTrust Antivirus software with live updates implemented daily to ensure current virus protection. eTrust also monitors email attachments and only allows certain file formats to enter the mail system, after passing scanning and security protocols.
Both facilities and production security are continuously monitored and tested for 100% compliance.