Perfect security system

TOP
Perfect security system

1 International standard security management

Credit card industry international information security standard “PCI DSS”

SU HONG KONG Payment Services provides card payment services through a payment system that is fully compliant with PCIDSS Ver. 3.2.1, the latest version of the international standard for all payment systems related to the protection, processing, and transmission of credit card payment information.
PCIDSS is an international standard for the protection of credit card information jointly established by five international card brands (VISA, MasterCard, AmericanExpress, Discover, and JCB). PCIDSS stipulates 12 requirements to protect card and payment information, and full compliance with PCIDSS requires an on-site assessment and periodic vulnerability testing by an accredited assessment organization approved by the PCI Data Security Standards Council (PCISSC) of the United States.
SU HONG KONG Payment Services provides credit card payment services over the Internet and will continue to provide high security services in the future. SU HONG KONG Payment Services provides credit card payment services over the Internet, and will continue to provide a more secure payment system by maintaining and providing a high security environment.

Symantec (formerly VeriSign) SSL server certificate,
Encrypted communication with SSL communication

We use SSL encrypted communication for authentication and information viewing for all credit card transactions and card authorization status checks on the management screen. TLS (Transport Layer Security) was developed by Netscape Communications and is a standardized version of SSL.
Currently, companies that handle credit card numbers and personal information use SSL communication in order to prevent information leakage due to interception or spoofing during transmission. When a user exchanges data with a server that can use SSL, the web server and the user’s computer mutually check each other while sending and receiving data, thereby encrypting the content of Internet communications and preventing spoofing. This makes it impossible for a third party (outside) to connect or view the data.

Introducing 3D Secure System

3D Secure (Personal Identity authentication payment service) is the generic name for identity authentication services provided by JCB, VISA, and MasterCard. When making a payment with a credit card, a screen for entering a pre-defined password is displayed, and authentication (identity authentication) is performed based on that password. If the password is not entered, or if the entered password is incorrect, the transaction will not take place. This prevents unauthorized use of stolen or counterfeit cards.

Security code CVV

All of our payment systems, with the exception of some functions such as batch processing, etc., require the entry and authentication of a security code as a required field. This is a 3- to 4-digit number that appears on the back of the credit card. This number is not embedded in the magnetism of the credit card, and even in the unlikely event of skimming or unauthorized theft of card information, the system will not allow payment without the credit card in hand.

2 Security measures for SU HONG KONG

Our security efforts

The most important aspect of Internet payment is the security system. We strictly manage our customers’ personal information and work daily to reduce the risk of unauthorized use to ensure that our payment services are safe and secure. Credit card information is extremely important information, and we are obligated to strictly protect it. In addition to credit card information, we also receive personal information. All of these are important information assets, and we consider our responsibility as a trustee of such information assets to be extremely serious. We consider the protection of information circulating on the network and the network system system that stores it to be an important issue, and we strive to maintain and improve security so that our customers can use our services with peace of mind. To this end, we have established the “Information Security Policy” and have put in place an information security management system to ensure that all possible measures are taken to protect the information entrusted to us.
Information security policy operation and information security management system

We have established an information security policy and related laws and regulations, and ensure that all of our directors and employees comply with the policy. We also conduct regular internal audits to ensure compliance, and have established an Information Security Committee that is constantly engaged in activities to maintain and improve information security.
Applicable information security policy and strengthening of management system of outsourced companies

When we request an outside contractor to perform work within the scope of our information security policy, we require a level of security equivalent to that of ours, and review the contract if it does not meet our required level. Our information security policy covers the people and physical and environmental resources associated with the information assets we handle. The persons include all persons who use the Company’s information assets, including directors, officers, and employees (including temporary employees), and when the work to be performed within the scope of the information security policy is outsourced to an outside contractor, the outside contractor is also included in the scope of the information security policy.
Regarding security education and improvement of information security policy

We regularly provide security education to our officers and employees. This will enable each officer and employee to understand the importance of information assets and carry out procedures for protecting information assets. We regularly review information security so that we can respond to changes in all situations, such as the situation inside our company, the situation outside our company, trends in information security, and the emergence of new risks.
Implementation of information system security measures, response to incidents and accidents

We strive to strengthen the security of our system so that the information assets we handle are protected from falsification, destruction, leakage, etc., regardless of whether they are intentional or accidental. We are doing our utmost to prevent any incidents or accidents. In the unlikely event that an incident or accident occurs and the information assets are endangered, we will immediately investigate and take measures, and we will reviewing the security system to prevent recurrence.