KBOO credit and debit cardholder information is handled electronically on the KBOO website, manually by phone and manually by hand or mail delivery.

Electronic Web-based Credit and Debit Card Transactions

• Cardholder information entered by listeners into the website is processed and secured by KBOO’s merchant service provider. KBOO has no access to this information, nor does KBOO store cardholder information on any server.
• KBOO’s online membership form is a secure web page.

Manual Credit and Debit Card Transactions

• Cardholder information is written on a form#, either by the cardholder, a trained volunteer or any KBOO employee, and stored in a locked container.
• The KBOO finance department processes credit and debit card transactions using internet-based merchant service software on an approved PCI-compliant computer. Cardholder information is not stored electronically.
• After processing, cardholder information is stored in a locked container and shredded within six months.
• Staff and trained volunteers from specific departments* have access to locked containers that store cardholder information.

Third-party Security Testing

• A PCI-approved third party performs monthly vulnerability scans via the Internet. The KBOO computer used to process credit and debit card transactions is scanned for file weakness, potential hacking vulnerabilities and firewall