EFI is PCI Compliant!

PCI Compliance

EFI adheres to industry-accepted standards and is committed to the protection of all of the personal and payment account data for our customers.

SOC Reports are internal control reports on the services provided by a service organization. They provide valuable information that users need to assess and address the risks associated with an outsourced service.      
     

How EFI is Compliant

The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accepts credit card payments. At EFI we accept card payments and store, process and transmit cardholder data. All that data needs to be stored securely. Each year our company is audited to ensure we follow specific processes and procedures that comply with the Payment Card Industry Data Security Standard. Information security is of the highest importance to us.

Information Security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. EFI is committed to an active information security program that protects client, customer data, internal data, employee’s devices, and computers.

Here are a few areas that we can focus on as employees to do our part to be in compliance:
 

• Locking our computers: leaving your computer unlocked is a lot like leaving your car running with the doors unlocked. Anyone could sit at your computer and gain access to your private information. Be sure to lock your computer every time you leave it alone.
• Passwords: did you know it can take a hacker 20 minutes to figure out a password that is 6 lower case letters and at least 2 numbers (example: friend12)? At EFI. It is mandatory to have a password longer than 16 characters and we encourage using symbols in addition to numbers.
• Reporting Emails: emails are the number one way hackers obtain information. Posing as a legit person or company, hackers will send you an email asking you for personal data. This technique is called phishing. Personal information should never be sent using email, so be aware of these emails and do not respond.
• Physical Security: at EFI our first priority is the safety of our employees. Over the past year we have installed a new system that requires badges to get into the building. For our safety is important to not let anyone else in the building. If you see an unauthorized person attempting to get into our building please report it and be aware of who is coming into the building behind you.
• Never Write Anything Down: another way that hackers obtain PII from companies is by going through their trash. That’s why it’s against our policies at EFI to never write down any customer information on paper. For other documents, we make sure to dispose them properly using the EFI paper bins located around the office.
• Reporting Issues: every employee is encouraged to report any issue regarding security immediately by informing their direct supervisor or manager. If something doesn’t look right, chances are it’s not and it should be notified.