Data Storage & Backup, and Online Security
Security
The Arts People software runs on the robust and ultra-secure Amazon Web Services (AWS) -- one of the most powerful and secure cloud platforms in the world. Amazon Web Services provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world: http://aws.amazon.com/security/
This platform is used by numerous companies including IBM, PBS, Yelp, Vodafone, Dow Jones, Expedia, Instagram, and many more: http://aws.amazon.com/solutions/case-studies/#app
According to Amazon, “Amazon Web Services (AWS) is certified as a PCI DSS 3.2 Level 1 Service Provider, the highest level of assessment available. The compliance assessment was conducted by Coalfire Systems Inc., an independent Qualified Security Assessor (QSA). The PCI DSS Attestation of Compliance (AOC) and Responsibility Summary are available to customers by using AWS Artifact, a self-service portal for on-demand access to AWS compliance reports.”
http://aws.amazon.com/security/pci-dss-level-1-compliance-faqs/
Transactions
Transactions are protected by industry-standard e-commerce security policies and practices. For example, information is encrypted and then transmitted over a Secure Sockets Layer (SSL) connection to a secure payment gateway service, which processes the credit card payment. We then receive only an approval (or decline) code, not the credit card information, and we record that code in a secure database, also maintained in AWS. With rare exceptions, such as monthly donations, we do not store credit card information, and if storage is needed, we do so under heavy encryption.
Availability
To ensure high availability, Amazon cloud servers have multiple internet connections to alternate backbones and redundant power backups. In fact, our customers’ data is maintained on servers that exist virtually in two different Amazon data centers in different regions of the country. What’s more, the real-time backup (mirror) is maintained in a third data center. None of these servers or backups is exposed directly to the internet; all are shielded by a network firewall and a secure gateway -- belt and suspenders.
PCI Compliance
Arts People is certified PCI compliant.
Arts People's PCI compliance with credit card processing and storage regulations
There are several levels of compliance, according to a company’s function and size. Arts People is considered a level 3 provider, and so the depth of our compliance is much greater. We, therefore, take extra measures to make sure our customers’ credit card data is protected, and our efforts are checked by a third party.
First, we contract with Amazon Web Services to protect the physical and mechanical part of our network. Amazon handles much more rigorous security than even we need, offering high level protection for governments, hospitals, and many international corporations.
Second, our networks are scanned by complicated and rigorous software that can expose weaknesses and exploits. The results of these weekly scans are then monitored by the security experts at SecureEdge. We immediately fix any urgent problems based upon their recommendations.
Finally, we attest that we meet or exceed PCI-DSS 3, and that attestation is then validated by the experts at SecureEdge. This process is performed annually in close coordination with our payment process to assure compliance.
Administration
Finally, our web servers and mission-critical infrastructure are updated multiple times a month and on demand, when needed. This protects us (and you) from exploits and vulnerabilities.