We understand the importance of security and compliance in today’s business world and we are committed to protecting the information of your members.
Our compliance program incorporates risk-based control reviews, annual internal and external audits, third-party contract and vendor management reviews and provider compliance assessments to ensure continued compliance with regulatory requirements.
Our Security Program is designed to limit access to the entire network environment, and we utilize a variety of controls to prevent environmental misuse of information.
We understand the potential impact on our clients and our organization if member data or payment information were to be compromised.
To mitigate against potential breaches, we made the decision to invest in becoming PCI Level 1 certified. This means that our infrastructure, systems and processes undergo a rigorous annual series of audits by accredited third parties. In order to successfully satisfy these criteria, we are required to maintain the highest level of security standards in the payment card industry.
We also undergo an annual SOC audit by an independent accounting firm. The purpose of this audit is to validate the design and operating effectiveness of the controls in our description of our Financial Management Platform and Accounting Solutions System.
The controls assessed in the platform include the following processes:
• New Client Setup and Implementation
• Incoming Funds Control
• Funds Processing Controls
• Outgoing Funds Controls
Secure Processing: We use state-of-the-art encryption technology to secure your credit card information when you make a purchase or transaction with us. We ensure accurate and timely processing of all credit card transactions.
Compliance with Standards: We comply with the Payment Card Industry Data Security Standard (PCI DSS) and other relevant regulations that govern the security of credit card transactions.
Regular Audits: We conduct regular security audits and continuous monitoring to ensure that our systems and processes remain secure.
Technical Support and Maintenance: We provide ongoing technical support to resolve issues with credit card processing, and we maintain and update the processing environment to ensure smooth operation.
Reporting and Statements: Reports and monthly statements are made available to clients. We ensure transparency in fees and charges applied to transactions.
Protection of Information:
Regular Monitoring: Regularly monitor your credit card statements and alert us immediately if you notice any unauthorized transactions or discrepancies.
Secure Access: Make sure that any personal accounts used to transact with us are secured with strong passwords and, where available, enable two-factor authentication.
Notification of Loss or Theft: Notify your card issuer immediately if your credit card is lost or stolen and inform us so we can take appropriate measures to protect your account.
Our platforms are fully hosted in the cloud, utilizing Amazon Web Services (AWS) and Microsoft Azure to deliver a highly scalable, fault-tolerant, and redundant environment. This cloud-based approach ensures a fully elastic platform that can scale seamlessly based on demand.
We have implemented multiple layers of redundancy at every service layer using advanced technologies such as load balancing, auto-scaling, and high-availability configurations to ensure continuous uptime and system reliability.
We invest in state-of-the-art cloud infrastructure, leveraging the latest hardware and software to eliminate single points of failure. Our infrastructure is designed with a strong focus on compliance, security, and continuous monitoring of all critical systems to safeguard your data.
Our cloud platforms leverage the most state-of-the-art technology provided by our partners.
Our cloud-based operations rely on the most advanced technologies available from our trusted cloud providers, AWS and Azure, ensuring high performance and reliability for all managed IT operations and application hosting.
We have built our cloud solution to be secure, fault-tolerant, and scalable.
Our engineers maintain cutting-edge skills and awareness of the newest features and options available.
We maintain a robust lab environment where we evaluate new technology for applicability and adoptability.
Partnerships with architects and engineers allow us to quickly adopt modern technology without unnecessary risk.
Our network architecture has been designed to minimize the threat of outside attacks. UTM firewalls, Demilitarized Zone (DMZ), and an Intrusion Detection/Prevention System (ID/PS) are deployed to protect the network segments where the relevant applications reside.
Industry-standard firewalls and switching infrastructure employ a combination of security measures to restrict access, including routing, VLANs, public/private NATs, and port/protocol restrictions governing access between trusted and untrusted interfaces.
Web Application Firewalls (WAF) are also in place to provide higher-layer, more intelligent protection against more sophisticated attacks. The WAFs reside in the DMZ behind the corporate firewalls.
Antivirus and anti-malware are installed on active user workstations. We utilize a multi-tiered diagnostic approach by deploying a Cloud-based SPAM and Ransomware / Virus protection system to keep our systems secure. Virus signature definitions are automatically updated throughout the day.
We also deploy a managed 24/7 SIEM / MDR that extends our risk management profile by utilizing threat hunting, Machine Intelligence, and anomalous behaviors to identify, detect and prioritize any threat to the environment. Our SOC team is immediately alerted to any vulnerability and cyber threat and provides a clear path to response and eradication as required.
Each of our locations provides sufficient security to restrict personnel to authorized areas.
The team works to prevent, detect, and respond to business conduct that is inconsistent with the organization’s values, as well as regulatory requirements.
Our regulatory and security compliance efforts are continually reviewed and enhanced.
Using a risk-based approach, the team evaluates internal controls across the organization to ensure alignment with PCI DSS and SOC 1, Type 2 and SOC 2, Type 1 control requirements, depending on the product.
The team monitors organizational controls for federal, state, and other country regulatory requirements.