Security & Compliance
PropertyBridge maintains a secure and compliant infrastructure ensuring the highest standards are upheld for all of its property management clients. This includes compliance with all federal, state, local, Department of Real Estate, Card Association and NACHA rules.
Real Estate Regulatory Compliance Highlights:
| * Separate merchant accounts in the name of each community underwritten by the financial institution |
| * Direct funds disbursement to direct deposit accounts for each property |
| * Separate direct deposit accounts per property for security deposit funds if required by state regulations |
| * No commingling of funds |
| * Permission and access control to manage resident and community manager access |
Additional Measures to Ensure Security and Compliance:
- PCI Level 1.2 and Visa CISP Certification
- SAS 70 Type II Audit
- ACH Audit
- 128 Bit SSL
- Access Controls and User Permissions
PCI Data Security Standard 1.2 and Visa CISP
Endorsed by payment card organizations including Visa and MasterCard International, the Payment Card Industry (PCI) Data Security Standard regulates the security and business processes of service providers that store, process or transmit consumer credit card data. Level 1.2 compliance with PCI data security standards is the highest level possible, and is only issued to organizations that process in excess of 1,000,000 transactions annually.
PropertyBridge received its certification as a ‘Level 1.2 Payment Gateway Service Provider’ for the fourth year running, the longest current span among multifamily housing industry payment processors. Implementing Level 1.2 PCI practices within the multifamily housing industry significantly reduces the risk, fraud and potential consumer data security breaches faced by property management offices.
| In addition to compliance with the PCI Data Security Standard, PropertyBridge satisfies the requirements of Visa U.S.A.’s Cardholder Information Security Program (CISP), and is included on Visa’s ‘List of Compliant Service Providers.’ The List, located at www.visa.com/cisp acknowledges those service providers that have met the rigorous security requirements of Visa CISP. |
|
SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) and is identified in Section 404 of the Sarbanes-Oxley Act to assist public companies reliant on service organizations for functions related to financial reporting. A SAS 70 report focuses on a service organization's control activities -- including management of information technology and related processes.
PropertyBridge is recognized as a 'SAS 70 Type II Service Provider,' successfully passing the most stringent form of examination. PropertyBridge received an 'unqualified' opinion for the SAS 70 Type II review, indicating that that each of the control objectives specified by the service organization were met without any significant exception or deficiency. The Type II form of SAS 70 examination not only includes the service organization's description of controls related to information technology and security processes, but also includes detailed testing of these controls over a minimum six-month period. In contrast, the more limited Type I report only details the controls in place at a single point in time, and includes an auditor's assessment that is limited to whether the controls in operation were suitably designed.
The audit, performed by the CPA firm of Armanino McKenna LLP, examined in detail all aspects of PropertyBridge's information technology, processing and operational procedures, and indicates that PropertyBridge maintains a secure, stable and compliant infrastructure that satisfies the requirements of Section 404 of the Sarbanes-Oxley Act. This is a key factor for publicly held real estate investment trusts (REITs) that maintain large portfolios of residential properties.
The annual Automated Clearing House (ACH) audit validates that an organization is in compliance with ACH Operating Rules and meets all applicable audit requirements. Although the audit can be performed as a self-assessment, PropertyBridge chose to utilize an outside ACH auditing firm, Payments Nation, to validate its compliance and aid the company in identifying potential areas of risk within its processes.
When a resident or community manager initiates a one-time or recurring credit card payment, they submit the credit card number through a secure 128/256 Bit Strong SSL Encrypted web site.
Access Controls and User Permissions
- User name and password for all users
- Resident and Community Manager status – activate or deactivate at any time
- Refunds – permission granted to Community Manager by client
