SOC II
RebateFirm’s systems are audited yearly to ensure compliance with SOC II standards with regard to the 5 key sections below:
- Security: The system is protected, both logically and physically, against unauthorized access.
- Availability: The system is available for operation and use as committed or agreed to.
- Processing Integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: Information that is designated “confidential” is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with the privacy principles put forth by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
SOC 2 requires a written statement of assertion and a description of one’s “system”. The written statement of assertion is required by the management of the service organization, along with a description of one’s “system”. Of interest is that the historical SAS 70 auditing standard required a description of “controls”, which is generally perceived to be not as comprehensive or detailed as that of the description of a “system” for SOC 2 compliance (and SOC 1).
Just like SOC 1, SOC 2 reports come in two forms. Type I reports concern policies and procedures that were placed in operation at a specific moment in time. Type II reports, on the other hand, concern policies and procedures over a period of at least – systems must be evaluated for a minimum of six months. This generally makes SOC 2 Type II reports more comprehensive and useful than type I reports when considering a possible service provider’s credentials.
A company that has achieved SOC 2 type II certification has therefore proven that its system is designed to keep its clients’ sensitive data secure. When it comes to working with the cloud and related IT services, such performance and reliability are absolutely essential and increasingly required by regulators, examiners, and auditors.
Data Security
At the core of every Rebatefirm solution is our commitment to the highest levels of data security and financial controls. We store your confidential data and handle the exchange of funds with protocols that exceed industry standards for data logging, data backup, data archiving, disaster recovery, and security monitoring. Rebatefirm is certified SOC 1, Type 2.
Your data is sensitive. That’s why we want you to feel confident in our secure measures. All of our facilities and vehicles have been security inspected and approved by the Department of Interior and other private entities. We comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and are also PCI compliant.
Ultra-High Security Checks
RebateFirm utilizes SAFEChecks, some of the most secure business checks printed in the world. Designed by Frank Abagnale with 12 safety features, the check is nearly impossible to replicate or to alter without fraud leaving physical evidence. Fully compatible with today’s Check 21 environment (bank imaging), the distinct appearance and combination leave virtually no room for error or check fraud. SAFEChecks are printed on true-watermarked security paper and are never sold blank without first being customized for and by each customer. For your protection, Checkissuing is proud to represent SAFEChecks as our secure check service. Security features include:
1. Controlled Paper Stock
2. Fourdrinier Watermark
3. Thermochromatic Ink
4. Toner Anchorage
5. Explicit Warning Bands
6. Copy Void Pantograph
7. Chemical Sensitivity
8. Chemical Wash Detection Box
9. Sequenced Inventory Control Numbers
10. Laid Lines
11. Visible Fibers
12. Fluorescent Fibers
13. Microprinting
14. Payee Area Protection
15. “Do Not Negotiate” on the Back Panel
16. Security Features Listed on the Back of Check
Ultra-High Security Envelopes
Whether professional or personal, your essential items deserve full confidentiality in a security envelope. Regular white standard envelopes are thin, and the contents can sometimes be viewed just by holding them up to a bright light. Without even evidence of tampering, your valuable information can easily slip into the wrong hands. Patterns printed on the inside of security envelopes protect both you and the recipient from unwanted viewing. The pattern either develops a tint that makes it difficult to see through the exterior of the envelope or distorts the text contained in the contents making it illegible. Here at RebateFirm, we believe it is better to be safe than sorry when handling physical mail of high importance.
OFAC and Anti-Money Laundering (AML) Controls
In the world of digital economies, the risk of money laundering and fraud is at an all-time high. Cyber-criminals use remittance services as a means to mask illegal trade and transactions. As a business grows, so do hackers, and they aren’t always easily distinguished or country-specific. The Patriot Act requires all persons and companies doing business in the US to comply with Office of Foreign Assets Control (OFAC) regulations. Organizations who knowingly or negligently disregard checking with AML blacklists before making payments to individuals can face legal action through the US Department of Treasury. Because of the fast-changing nature of global and intelligence activities, Checkissuing believes that an entirely digital process for AML is essential to reducing the illegal payment risk.
OFAC is a part of the US Treasury Department that administers economic and trade sanctions based on U.S. foreign policy. OFAC distributes a database on Specially Designated Nationals (SDNs) which includes individuals and countries (e.g. Syria, Iran, etc.) that are sanctioned from participating in U.S. commerce. All Parties in the US or in non-sanctioned countries, sometimes have known money launderers. In the United Kingdom, the Consolidated List of Financial Sanctions Targets is an SDN-equivalent list. Because the US SDN list incorporates the United Nations list and the UK’s Consolidated List includes the EU list, the use of both provides virtual global coverage.
U.S. law requires all accounts of an OFAC-specified country or individual to be blocked when such property is located in the United States or comes into the possession of U.S. individuals. For example, if there is an OFAC-designated party to the transaction, and the funds come from overseas, routed through a U.S. bank to an overseas bank, it must be blocked. The definition of assets is vast and is specifically defined within each sanction program. Assets and property include anything of direct, indirect, present, future, or contingent value (including all types of bank transactions). Financial Institutions must block transactions that:
- Are by or on behalf of a blocked individual or entity
- Are to or go through a blocked entity; or
- Are in connection with a transaction in which a blocked individual or entity has an interest.
RebateFirm uses specialized compliance software in order to help reduce both OFAC and AML risks to block and notify clients of suspicious transactions.