OUR KIDS WIN! - Better Schools Through Smarter Shopping

legal
terms of use privacy policy credit card security statement

Credit Card Security Statement

Executive Summary
OurKidsWin! highly values the data privacy of Members, Merchants and school districts, and is committed to maintaining the security of that data. To safeguard data privacy, OurKidsWin! is implementing comprehensive security policies and seeks continual improvement to its practices and policies.

One aspect of privacy is the inability to obtain personal information, such as member information and credit card numbers.

First and foremost, note that OurKidsWin! does not obtain information sufficient to complete a transaction, if the system were to be compromised. The credit card is used for tracking only, not purchases. OurKidsWin! does not collect either the expiration date nor the code on the back of the card necessary.

Credit Card transmission
OurKidsWin! utilizes the same techniques as financial services and e-commerce sites when transmitting credit card information from the end user to the server which maintains the information. The data is transmitted in an encrypted format, meaning that if one were to eavesdrop on the data transmission, what is seen would be nonsensical.

A user can normally discern when this is occurring, by seeing https as the precursor to the text in the top of the browser.

OurKidsWin! does use third party processors to handle the rebate processing information. Files are exchanged between OurKidsWin! and Golden Retriever Systems (GRS), Inc. GRS is a subsidiary of Vital Processing Services and was originally set up as part of VISA. More information can be found at http://www.grsgroup.com. The transmission of files uses PGP encryption and requires a digital key to decrypt it at the receiving end. In other words, if a file were to be intercepted, the receiver would not have a key and would be unable to open it and read its contents.

Credit Card Storage
There are multiple layers of prevention in the storage of the credit card information.

First, the credit card information is physically separate from the member information. If one were to obtain a list of member names or a list of credit card numbers, they would be meaningless.

To correlate the two, a user would need to gain access to both the member database and the credit card database, each of which require additional authentication (log in security) parameters.

Furthermore, the credit cards are stored encrypted, per industry standard practices, thus making the data useless if someone were to obtain it without going through the OurKidsWin! applications.