Cultivating & Marketing Professionals® (“CAM Pros®,” C&M Professionals," “we” or “us”) provides services (“ “Payments Services”) to small and mid-sized businesses. The Terms of Service (the “Payment Terms”) constitute a legal agreement between you (“Merchant,” “you,” or “your”) and CAM Pros limited liability company with offices at 1660 S University Dr. Ste. 1125 Fort Worth, TX 76107and governs your use of Payment Services. You must agree to these Payment Terms to use the Payment Services. The Payment Terms effective on the date you sign up for the Marketing 360 Payment Services (the “Effective Date”) and remain in effect until terminated as provided below. The Service Agreement, the Terms of Service and the other documents incorporated by reference herein are collectively referred to as the (“Agreement”). These Payment Terms may be reviewed at any time at camarketingpros.com/legal.
To protect the credit card data of our clients- as well as to comply with the Payment Card Industry Data Security Standards (PCI-DSS), Cultivating & Marketing Professionals set standards and procedures for secure and reliable processing of credit card data.
This policy applies to all employees taking payments from clients on behalf of services for Cultivating & Marketing Professionals who have access to credit or debit card numbers accepted for payments to us.
Cardholder Data - The full magnetic stripe data of the card, any portion of the card number beyond the last four digits and card expiration date. Sensitive Authentication Data - Security-related information, including but not limited to card validation codes/values, full track data (from the magnetic stripe or equivalent on a chip), PINs, and Card Verification Codes (CVV, CVC, CSC, etc.)PCI-DSS - The Payment Card Industry Data Security Standard - an information security standard for organizations handling credit cards from the major brands. Cardholder Data Environment - Systems which are involved in the processing or transmission of cardholder data, along with those systems deemed to be involved with those credit card data, or with access to systems involved with credit card data.P2PE - Point to Point Encryption. This refers to credit card processing terminals
Acceptance of Payment Terms
By accepting the Service Agreement, the client is also accepting the specified "term" of the agreement whether it is a month-to-month agreement or annual. You agree that payments can be automatically deducted from the account inputted into the client portal unless via email or in written form requesting termination of services, the account will continue to be deducted while the client is receiving services by Cultivating & Marketing Professionals.
Acceptance of Credit Card Payments
Access to Customer Credit Card Data
Access is authorized only for our personnel who are responsible for processing or facilitating credit card transactions. Such authorization must be conducted by Chief of Finances. All clients will receive a direct invoice via a third party processing company in which will allow them to input their own data in order to receive services.
Transmission of Credit Card Information
Insecure transmission of cardholder data is prohibited. Cardholder data can only be transmitted via approved encryption protocols and methods, which may change over time due to newly discovered security vulnerabilities.
Receipt of Credit Card Information via Email
Under no circumstances should cardholder data be sent or requested via email. A standard template advising the sender that the transaction cannot be processed should be sent in reply (with the credit card information in the original email redacted). The email should offer acceptable methods for making payments through CAM Pros existing approved procedures. The message containing the cardholder data should then be immediately deleted (and deleted from the trash).
When recording credit card information for processing, only cardholder name, account number, expiration date, zip code, and street address may be recorded. It is not permissible to record and store the sensitive authentication data (including the three digit security code. Such a code can be asked for over the phone if it will be entered into a secure, approved Point- to-Point Encrypted terminal. If cardholder data needs to be kept before processing, it should be stored in a secured (locked) area before processing.
Processing Credit Card Transactions on Campus Computing Devices
Offices that make payment card transactions on a computer (by entering a customer's credit card number on a website or through a vendor's payment software) must do so from a computer or device designated and approved for that purpose. These computers must be setup and secured by Chief of Information and placed on the restricted PCI VLAN (Virtual Local Access Network).Card numbers must never be entered on any computer or device not on the PCI VLAN. The credit card may only be swiped (or have its internal chip read) by systems on the PCI VLAN,or using an approved P2PE card reader.
Storage of Credit Card Information
Electronic storage of cardholder data, or sensitive authentication is expressly prohibited under any circumstance. Cardholder data should be retained in a secure location only as long as is necessary for business purposes. Cardholder data must be destroyed when no longer needed (via cross-cut paper shredders, or by being placed in a shred box provided by Internal Controls).Sensitive authentication data must be immediately destroyed after the transaction is processed.
Equipment Verification & Storage
All credit card equipped is disbursed by a third party and will be reviewed consistently for any glitches by our Chief of Information and Security Officer to maintain up-to-date information and processing.