We've made security our top priority to ensure that customer records and transactions are kept secure at all times.
CashFlows monitors the use of our systems, which are protected using industry best practice security measures. Encrypted connections are used to communicate to our system to protect customer information, such as financial information and information that customers input to the CashFlows website.
Third party websites
The CashFlows website may contain links to third-party websites. CashFlows have no control and is not responsible for security measures, policies or practices of other websites. It is recommended that customers review relevant policies prior to use of any other website.
If any CashFlows service requires you to create an account, you must complete the registration process by providing us with current, complete and accurate information as prompted by the applicable registration form. During account creation, you will be required to create a username and password. You are entirely responsible for maintaining the confidentiality of your password and account and for all activities that occur under your account. CashFlows will not be liable for any loss that you may incur as a result of your account being misused.
As a condition of your use of CashFlows services, you will not use the services in any manner that could damage, disable, overburden, or impair any CashFlows service, or interfere with any other party's use and enjoyment of any CashFlows service. You will not attempt to gain unauthorised access to any services, other accounts, computer systems or networks connected to any CashFlows service. You will not obtain or attempt to obtain any materials or information through any means not intentionally made available through CashFlows services.
Reporting a security event
A security event is any attempted or successful unauthorised access, disclosure, or misuse of our services, including hacking and theft. Please immediately report any suspected security events to our Security function by emailing the details of the event to firstname.lastname@example.org
PCI DSS Compliance - where relevant
PCI DSS compliance (Payment Card Industry Data Security Standard) is required of all service providers that store, process, or transmit cardholder data. The program applies to all payment channels, including face-to-face retail, mail and telephone order, and e-Commerce (online payments). Compliance with PCI DSS means compliance with the required program validation by independent assessors. The PCI DSS is a single approach to safeguarding sensitive data for all card brands.
The PCI Data Security Standard consists of twelve basic requirements and corresponding sub-requirements to protect against cardholder data exposure and compromise. These are summarised as follows:
Building and maintaining secure networks;
Protecting sensitive data;
Maintaining a vulnerability program by developing and maintaining secure systems and applications;
Implementing and managing strong access controls;
Regular monitoring and testing; and
Maintaining information security policies.
CashFlows is PCI DSS Level 1 certified, the highest level of card data security.
All transaction information passed between merchant sites and our systems is encrypted using industry best practice and certificates to ensure identity and non-repudiation. Cardholder information is never passed unencrypted and any messages sent to your servers from us are secure and tamper-proof via encryption technologies.
Encryption and data storage
Once on our systems, all sensitive data is secured using industry best practice standards and solutions.