Highest Security as Standard

With todays ever-changing electronic world and more sophisticated criminal organisations keen on using sensitive data for fraud purposes, keeping up with technology is a very serious challenge. As a result, Eazy Collect endorses a security policy with no short-cuts and no exceptions when it comes to the safety of yours and your customers' data.  We’ve backed it up with development and project work totalling £71,000 on security alone in the last six months.

Research conducted by our I.T. and security analyst found that several of our competitors don’t place the same priority on the serious risk of sensitive data loss.

Data Security / Business Continuity Policy

Following an in depth investigation conducted by CISSP qualified analysts in November 2008, we identified where we could further improve on our already thorough security and backup infrastructure. These steps include, but were not limited to:

• Extensive upgrades to physical security, including Infra Red CCTV recording with motion detection in key access areas, 24 hour monitoring of alarm system, surveillance and external car park and door access control.
• Upgrading our existing SSL certificates to EV SSL verification and registration with GlobalSign for higher encryption levels
• Secondary One Time Passwords can be sent to authorised client manager’s mobile telephones held on your account, following a series of verbal security checks, in the event a client loses their password token, ensuring smooth running of client accounts and no interruption to business.
• The introduction of a live imaged, off-site, virtual machine cluster for the eventuality of fire / flood / terrorism damage to our premises. This will enable us to use our Telephones, Servers and PCs elsewhere at a secure facility in the event of a complete disaster at our head office. This will enable us to be functional within an hour of a complete failure and ensures business continuity.
•  Installation of new Network perimeter security including ICSA certified hardware firewall devices, dedicated high speed internet feeds with N+1 redundancy, to ensure high availability of our web services.

PCI DSS

This is the Payment Card Industry Data Security Standard.  Every company that takes payment by debit and credit card is required to be compliant.  When you choose Eazy Collect you'll have a head-start as using our systems, you'll automatically be compliant on the technology front.  We'll give you the tools and guidance to ensure you remain compliant on the business process front and in particular the requirements around information storage and receipt handling.

The standard is grouped into 6 categories:

1. Network Security - a properly maintained, Secure IT Network
2. Protection - Cardholder data needs to be protected from 3rd party access
3. Low Risk - A Vulnerability Management program is in place to check for any risks
4. Access Control - Robust login and passwords with access on a need-to-know basis.
5. Monitoring - Ensures an audit trail and that access is authorised
6. Enforcement - Security Policy in place and enforced with regular checks