Security Policy

The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB). VISA and Mastercard now require all merchants to adhere to the PCI security standard. Our compliance with PCI standards is certified by a certified PCI compliance services provider.

In order to maintain PCI Compliance certification, all publicly accessible internet devices and any associated domain(s) hosted on them must have been audited within the past 3 months, and all vulnerabilities categorized as Urgent, Critical, or High severity (Level 3 or greater) must have been corrected within 72 hours of their discovery.

Our sites are tested with industry-standard PCI Compliance remote vulnerability testing, and are tested at least every 90 days to pass all external vulnerability audit recommendations of the Department of Homeland Security’s National Infrastructure Protection Center (NIPC), the SANS/FBI Top 20 Internet Security Vulnerabilities list, as well as the vulnerability audit requirements of Visa’s CISP and AIS, MasterCard’s SDP, American Express’ DSS and Discover Card’s DISC security standards.

SSL Data Encryption

Forty Six Grain Company uses Secure Socket Layer (SSL) technology for mutual authentication, data encryption and data integrity. SSL is the industry standard security protocol to encode sensitive information, such as your credit card number. SSL creates a shared digital key, which only lets the sender and the receiver of the transmission scramble or unscramble information.

Data Security Compliance Statement

Forty Six Grain Company’s products and services meet the physical and technical standards, and provide all necessary controls for our customers to maintain their administrative security compliance standards. Specifically, we agrees to: Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected financial information that it creates, receives, maintains, or transmits on behalf of our customers. Furthermore, for the protection of our customer’s financial data, customer credit card information is NEVER stored on our website or servers. In summary, Forty Six Grain Company has implemented reasonable and appropriate safeguards to protect our customers financial and business information. Furthermore, McNellie’s Group agrees to report to our customers any security incident of which it becomes aware, and will authorize the termination of any customer contract in the case of any material breach of this compliance statement.