Security

collegehockeyplayer.net is a Go Daddy hosted site. The SSL Certificate is current can be verified by observing the https in the URL.


collegehockeyplayer.net is certified by Security Metrics as PCI-DSS compliant. We utilize state of the art credit card processing and banking. We do not capture any payment card information. Instead collegehockeyplayer.net utilizes Authorize.net and TD Bank Merchant Services. All electronic transactions take place through secure PCI compliant connections and at no time are in the possession of either collegehockeyplayer.net or of Go Daddy. For further information on the bank's security policy see below. Specific questions may be directed to chp@collegehockeyplayer.net.


Merchant Levels & Validation Requirements

All merchants that store, process, or transmit cardholder data must comply with PCI DSS and validate their compliance using the appropriate method.

Below are the descriptions of the merchant levels and the validation requirements for each level, as determined by Visa Canada and MasterCard.


Payment Application Data Security Standard (PA-DSS)

The Payment Application Data Security Standard (PA-DSS) is a standard managed by the PCI SSC. This standard is based on Visa’s Payment Application Best Practices (PABP).

Many merchants deploy third party payment applications that are tailored to their business needs to assist them in accepting credit card payments. The goal of PA-DSS is to assist software vendors in developing secure payment applications that do not store prohibited data, such as full magnetic stripe data, card verification values, or PIN data, and ensure their payment applications support compliance with the PCI DSS standard. Vulnerable payment applications that store prohibited data are the leading cause of account data compromises among small merchants.

Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements. In-house payment applications developed by merchants or service providers that are not sold to third parties are not subject to the PA-DSS requirements, but must still be secured in accordance with the PCI DSS. PA-DSS is not applicable to standalone point-of-sale terminals, database software or web server software.

Further information on PA-DSS including a list of payment applications that have validated their compliance to PA-DSS can be found at:

www.pcisecuritystandards.org

Files coming soon.

Download