Merchant PCI Compliance Program


Document information and change log

Document Information

| Header | Information |
|---|---|
| Next review | Dec 24, 2025 |
| Status | Initial Release |
| Regional scope & language | Territory of USA in English |
| Applies to entities | GiveCorporation Inc. |
| Overall responsibility | Loraine Stewart, CCO |
| Approved by | Joshua Rowley, CEO; Aaron Miller, CRTO; Michael Brinker, CBFO |

Change log

| Date | Version | Reason for version |
|---|---|---|
| Sep 30, 2023 | 1.0 | Initial Release |
| Dec 24, 2024 | 1.0 | Annual Review |
| May 09, 2025 | 1.1 | Updated with PCI level requirements |


Gender And Entity Neutrality

The masculine form is used solely for the sake of better readability. It always refers to persons of any gender identity (m/f/diverse). This document uses the abbreviation “Give” for all legal entities and subsidiaries.


Table of Contents

Introduction

Objective

Scope

Responsibilities

Management

PCI Compliance Team

Employees

Merchant Agreement

PCI Level Requirements

Security Measures

Monitoring and Compliance Reporting

Conclusion


Introduction

Give Corporation is committed to ensuring the security of cardholder data and maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS). This Merchant PCI Compliance Program outlines our dedication to safeguarding sensitive payment card information and the responsibilities of all employees and stakeholders in achieving and maintaining PCI compliance.

Objective

The primary objective of our Merchant PCI Compliance Program is to:

  • Protect cardholder data from unauthorized access, disclosure, and misuse.
  • Comply with the requirements of the PCI DSS to maintain a secure payment processing environment.
  • Minimize the risk of data breaches and fraud.
  • Preserve the trust and confidence of our customers and partners.

Scope

This program applies to all employees, contractors, vendors, and partners who handle payment card data or have access to systems, networks, and processes that could impact the security of such data. It encompasses all systems, processes, and technologies involved in payment card transactions within Give Corporation.

Responsibilities

Management

Senior management is responsible for providing the necessary resources, leadership, and oversight to ensure PCI compliance.

Management will establish a PCI compliance team or designate a responsible party to oversee compliance efforts.

PCI Compliance Team

The PCI compliance team is responsible for:

  • Conducting regular risk assessments and vulnerability scans.
  • Developing and maintaining policies, procedures, and security measures to comply with PCI DSS.
  • Monitoring and enforcing compliance across the organization.
  • Conducting PCI training and awareness programs for employees.
  • Reporting on compliance status to senior management and relevant stakeholders.

Employees

All employees are responsible for adhering to PCI policies and procedures.

Employees must complete PCI training and promptly report any security incidents or suspected breaches to the PCI compliance team.

Merchant Agreement

In adherence to the card brand requirements, the merchant will check a box on the Merchant Agreement acknowledging that they are PCI Compliant. If the merchant is uncertain whether they are PCI Compliant, the merchant will be directed to complete the Self-Assessment Questionnaire A and Attestation of Compliance at https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf. Our merchants use an endpoint; the only access to our secured environment is through a token. Cardholder information is not available to our merchants.

The merchant is required to protect transactions and sensitive information. Give offers Merchant Training to merchants on how to protect transactions and sensitive information.

PCI Level Requirements

| PCI Level | Criteria | Requirements |
|---|---|---|
| 1 | Number of Transactions > 6M in Past Year | Upload QSA attested AOC/ROC, Upload quarterly ASV Scans (Latest one) |
| 2 | Number of Transactions < 6M AND > 1M in Past Year | Give Provided SAQ-A, AOC, ASV Scans (See below) |
| 3 | Number of Transactions < 1M AND > 20,000 in Past Year | Give Provided SAQ-A, AOC, ASV Scans (See below) |
| 4 | Number of Transactions < 20,000 in Past Year | Give Provided SAQ-A, AOC, ASV Scans (See below) |

Security Measures

Give Corporation will implement a range of security measures to achieve and maintain PCI compliance, including but not limited to:

  • Secure network architecture and access controls.
  • Encryption of cardholder data during transmission and storage.
  • Regular vulnerability assessments and penetration testing.
  • Strong access management and authentication practices.
  • Monitoring and auditing of systems and processes.
  • Incident response and data breach notification procedures.

Monitoring and Compliance Reporting

Give Corporation will regularly assess PCI compliance through ongoing monitoring, audits, and assessments. Compliance reports will be generated and reviewed on a routine basis. Any non-compliance issues will be addressed promptly, and corrective actions will be implemented.

Conclusion

This Merchant PCI Compliance Program is a foundational element of our commitment to protecting cardholder data and maintaining a secure payment processing environment. Achieving and maintaining PCI compliance is a shared responsibility among all employees and stakeholders at Give Corporation.

The information contained herein is intended to provide a general overview of the Company’s policies and procedures relating to compliance with this Policy and does not constitute legal advice or a complete description of the laws and regulations relating to this Policy. The Company has made every effort to ensure the accuracy and completeness of this Policy. This document is intended to provide guidance to employees of Company on how to comply with applicable laws and regulations related to this Policy. Employees should consult with the Legal or Compliance Department if they have any questions about the Policy or how to comply with it. Company reserves the right to modify or update this Policy at any time without notice. Employees are responsible for reviewing the Policy on a regular basis to ensure that they are aware of any changes. This Policy applies to all employees of Company, regardless of their position or location unless stated otherwise in the Policy. Employees are responsible for complying with the Policy and for reporting any suspected violations to their respective supervisor, the Legal Department, AMLCO or respective recipient of such violation as outlined in this Policy.

Copyright © GiveCorporation Inc. All Rights Reserved