About alletronic

Privacy & Security - Security FAQ

Why do you ask for my credit, debit or check card information?

This is one of the ways we are able to identify you and your allEtronic account at the checkout stand. Any card you have can be linked to your account and used for account identification to electronically transmit your receipt, initiate a paperless return, or automatically redeem your coupons. This can all be accomplished with the swipe of a card. You can register as many credit, debit, or check cards as you like. Each card will be associated with your allEtronic account.

Do I have to register my cards with allEtronic?

No. If you don't feel confident enough in the security measures we've taken to protect your partial card numbers, then by all means, don't register them. Keep in mind you will need to provide your phone number to the cashier at the checkout counter to identify your account.

Do I give you my full credit card numbers?

No. There are 16 digits on your Visa, MasterCard and Discover credit and debit cards, and 15 digits on your American Express cards. We only need enough information to identify you with your card. Therefore, you only need to submit the first 6 and last 4 digits of your card numbers along with the expiration date when linking your cards to allEtronic. It is impossible to charge your card with this amount of information. This process is what makes allEtronic 100% secure.

This is what a linked card's information looks like:

How Secure if the Information We Collect?

allEtronic uses bank-level data security verified by Trustwave and McAfee. allEtronic is also certified as a Level 2 Service Provider according the PCI Security Standards Council. You're customer profile and transaction history is safe, secure, and 100% confidential.

Furthermore, allEtronic is committed to industry best practices concerning security measures to prevent the loss, misuse and alteration of the information in our possession. Visitor information is encrypted during transmission, our company databases are accessible only by person who have entered into and are bound by a confidentiality and nondisclosure agreement with allEtronic.

Do you host your servers on allEtronic grounds?

For security purposes, we do not host our services on allEtronic properties. Instead, our servers are hosted by a company that is PCI Compliant according to Card Association Regulations.

ABOUT OUR PCI COMPLIANT HOSTING COMPANY:
SAS 70 Type II

Our host company has processes and safeguards in place designed to protect the assets and data we entrust in them. They have passed an SAS 70 examination which is designated by the U.S. Securities and Exchange Commission (SEC) as an acceptable method for a user organization's management to obtain assurance about a service organization's internal controls without conducting separate assessments.

A service auditor's examination performed in accordance with SAS No. 70 (SAS 70 Audit) is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. A Type II report not only includes the service organization's description of controls, but also includes detailed testing of the design and operating effectiveness of the service organization's controls.

Our host company has completed an examination in conformity with the Statement on Auditing Standards No. 70 (SAS 70). Completion of the SAS 70 Type II examination indicates that processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing firm. The examination includes the company's controls related to security monitoring, change management, service delivery, support services, backup and environmental controls, and logical and physical access.

PCI Security Standards Council Member

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for payment card account data protection. Endorsed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc., the Council's members have a voice in shaping the PCI Data Security Standard, an organization's best protection against data criminals. By participating in the Council, our hosting company is regulated by the latest payment card security standards while playing an active part in setting these standards as well.

Physical Security
  • Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitor access to every data center.
  • Only authorized data center personnel are granted access credentials to their data centers. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.
  • Every data center employee undergoes multiple and thorough background security checks before they're hired.
Precision Environment
  • Every data center's HVAC (Heating Ventilation Air Conditioning) system is N+1 redundant. This ensures that a duplicate system immediately comes online should there be an HVAC system failure.
  • Every 90 seconds, all the air in the data centers are circulated and filtered to remove dust and contaminants.
  • Their advanced fire suppression systems are designed to stop fires from spreading in the unlikely event one should occur.
  • All cables are securely tied down with cable racks suspended from ceilings, providing dual routes for all cables.
Conditioned Power
  • Should a total utility power outage ever occur, all of the centers' power systems are designed to run uninterrupted, with every server receiving conditioned UPS (Uninterruptible Power Supply) power.
  • UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails.
  • If an extended utility power outage occurs, routinely tested, on-site diesel generators can run indefinitely.
Core Routing Equipment
  • Only fully redundant, enterprise-class routing equipment is used in data centers.
  • All routing equipment is housed in a secured core routing room and fed by its own redundant power supply.
  • Fiber carriers can only enter the data centers at disparate points to guard against service failure.
Network Technicians
  • It is a requirement that the networking and security teams working in the data centers be certified. It is also required that teams be thoroughly experienced in managing and monitoring enterprise level networks.
  • Certified Network Technicians are trained to the highest industry standards.