Customer Security Policy

AFFINITI Customer Security Policy

This Customer Security Policy defines the applicable security requirements that a Customer must follow when accessing the Affiniti Gateway. The examples listed in this policy are not exhaustive. AFFINITI reserves the right to remove any content or restrict or terminate Customers use of the software and services for activities or content if Customer knowingly violates this policy or any agreement pursuant to which Customer uses the services. AFFINITI may change this policy from time to time by posting the updated policy on its web site ( and all related sites operated by or for AFFINITI). Customer is deemed to accept a change to this policy upon Customer use of the software and services following any such change. If Customer does not accept this policy, Customer may not access AFFINITI's network or use any of the Affiniti software and services.

  • AFFINITI must be notified by Customer when Customer diverges or plans on diverging from "standard industry practices" regarding AFFINITI technology and security;
  • All connections or communications to AFFINITI must be made with a cryptographically secure mechanism, either in the protocol connection or by solution encryption and digital signatures;
  • Exceptions need to be approved in writing by both AFFINITI and Customer's security representative for the following: (i) production data should not be used in non-production environments; (ii) digital certificates used to interact with AFFINITI must be from certificate authorities trusted in the industry;
  • User identities and passwords used to connect to the AFFINITI environment must be kept strictly confidential;
  • AFFINITI must be immediately notified in the event of a breach of security involving Transaction Data or any Affiniti Data;
  • Service accounts used to provide system services must not be used by an individual to log into AFFINITI's environment;
  • Customer must put adequate procedures in place to ensure that access is removed for any User who are no longer authorized to access the AFFINITI network;
  • Privileges given to Users of AFFINITI applications must be appropriate for their role/position;
  • Users of the AFFINITI network must not enter false or malicious information into AFFINITI's applications or network;
  • Vulnerability and application testing may be performed by Customer only with prior written consent of AFFINITI;
  • Customer is responsible for verifying the data integrity in Customer's systems, including verification that transactions have been entered completely, accurately, and on a timely basis, which includes reconciling Customer's systems with data and reports based on its use of the AFFINITI software and services.