This policy covers funds received via credit card from a client or business and follows Payment Card Industry Data Security Standards (PCI DSS) for securely processing, storing, transmitting and disposing of cardholder data.

• All centrexIT employees authorized to accept payment cards (debit & credit cards) must follow this policy in order to protect cardholder data and ensure PCIDSS compliance.

• centrexIT policy is that we do not generally accept payment cards as a form of payment.

• In the rare case that we do accept a credit card payment, it is processed through a 3rd party vendor, Stripe Inc., in the Stripe payment processing platform for the internet.

• We contact the business by phone to ask for the verbal credit card information.

• The verbal credit card information is then entered directly into the Stripe software portal.

• The CEO, president, technology VP, controller & staff accountant have access to this portal and the login credentials are stored in the 1Password vault with only these same people having access to the 1Password vault.

• Payment card data may not be transmitted or stored in any other system, server, personal computer or e-mail account.

• This policy is stored in the cIT Accounting Manual in the centrexIT – Accounting channel in MS Teams and also as a KB article in Halo for the entire company to view.