SOC 2 Compliance: Proven Protection for Your Data
RebateFirm undergoes annual audits to ensure compliance with SOC 2 standards. These standards cover five core trust principles:
- Security: Our systems are protected—both logically and physically—against unauthorized access.
- Availability: Systems are accessible and operational according to agreements.
- Processing Integrity: All processing is complete, accurate, timely, and authorized.
- Confidentiality: Designated confidential information remains secure.
- Privacy: We collect, use, store, and share personal data in line with AICPA and CICA privacy principles.
SOC 2 reports require a written assertion and detailed description of your “system.” Unlike older standards like SAS 70, which focused on “controls,” SOC 2 offers a far more comprehensive assessment.
Just like SOC 1, SOC 2 reports come in two forms. Type I reports concern policies and procedures that were placed in operation at a specific moment in time. Type II reports, on the other hand, concern policies and procedures over a period of at least – systems must be evaluated for a minimum of six months. This generally makes SOC 2 Type II reports more comprehensive and useful than type I reports when considering a possible service provider’s credentials.
A company that has achieved SOC 2 type II certification has therefore proven that its system is designed to keep its clients’ sensitive data secure. When it comes to working with the cloud and related IT services, such performance and reliability are absolutely essential and increasingly required by regulators, examiners, and auditors.
Data Security
At the core of every Rebatefirm solution is our commitment to the highest levels of data security and financial controls. We store your confidential data and handle the exchange of funds with protocols that exceed industry standards for data logging, data backup, data archiving, disaster recovery, and security monitoring. Rebatefirm is certified SOC 1, Type 2.
Your data is sensitive. That’s why we want you to feel confident in our secure measures. All of our facilities and vehicles have been security inspected and approved by the Department of Interior and other private entities. We comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and are also PCI compliant.
Ultra-High Security Checks
RebateFirm uses SAFEChecks, among the most secure business checks available. Designed by Frank Abagnale, these checks include 12+ advanced security features. They are nearly impossible to forge or alter without detection. SAFEChecks comply fully with Check 21 standards. They’re printed on true-watermarked security paper and only sold once customized for each customer. Checkissuing proudly offers SAFEChecks as part of our secure check service. Security features includes:
1. Controlled Paper Stock
2. Fourdrinier Watermark
3. Thermochromatic Ink
4. Toner Anchorage
5. Explicit Warning Bands
6. Copy Void Pantograph
7. Chemical Sensitivity
8. Chemical Wash Detection Box
9. Sequenced Inventory Control Numbers
10. Laid Lines
11. Visible Fibers
12. Fluorescent Fibers
13. Microprinting
14. Payee Area Protection
15. “Do Not Negotiate” on the Back Panel
16. Security Features Listed on the Back of Check
Ultra-High Security Envelopes
Whether personal or professional, your important mail deserves full confidentiality. Standard envelopes are often too thin, allowing content visibility under bright light. This could lead to privacy breaches without any signs of tampering.
Our security envelopes use printed internal patterns. These either tint the inside to obscure the text or distort it, making it unreadable through the envelope. At RebateFirm, we believe in taking no chances with physical mail containing sensitive information.
OFAC and Anti-Money Laundering (AML) Controls
In a digital world, fraud and money laundering are rising threats. Cybercriminals often use remittance services to obscure illegal transactions. As your business grows, so do the risks.
Understanding Regulatory Requirements
The Patriot Act requires all U.S. businesses to comply with Office of Foreign Assets Control (OFAC) regulations. Neglecting to check AML blacklists before sending payments can result in legal action by the Department of Treasury. Given the dynamic nature of global crime, Checkissuing believes that digitizing AML processes is essential for reducing payment risk.
What is OFAC?
OFAC is part of the U.S. Treasury and enforces economic and trade sanctions. It maintains the Specially Designated Nationals (SDNs) list, which includes:
- Sanctioned individuals
- Countries (e.g., Iran, Syria)
- Organizations barred from U.S. commerce
The UK’s Consolidated List of Financial Sanctions Targets serves as an equivalent. Because the U.S. SDN list incorporates the UN and UK lists, combining both offers nearly global coverage.
How OFAC Rules Affect Transactions
U.S. law requires blocking any accounts linked to OFAC-listed entities. This applies to:
- Transactions by or for a blocked person
- Funds passing through a blocked entity
- Deals involving blocked-party interests
The definition of “assets” includes present and future value in various forms—including all bank transactions.
RebateFirm uses specialized compliance software in order to help reduce both OFAC and AML risks to block and notify clients of suspicious transactions.