ALLIANCE CREDIT SECURITY POLICY
Effective September 28, 2021
Alliance Crédit, whose head office is located at 3055 Saint-Martin Ouest, Suite T500, Laval, Quebec H7T 0J3 encourages you to read this security policy carefully.
Data Security
To help protect the confidentiality of personal credit and payment information in our database, we follow security and compliance measures to help ensure that personal information remains private. These measures include:
- Restricting access to legitimate subscribers who have permissible purpose and appropriate consent, as applicable, to use the information by screening our members
- Suppressing specific information on certain credit reports and consumer disclosures
- Using private, dedicated lines for communications
- Use of firewall and encryption technology
- Controlling our associates’ database access through secured passwords and access codes, while obtaining our associates’ annual commitment to our security policy
These and other procedures enable us to facilitate secure and unbiased transactions, which helps protect you and your customers.
Security, Governance and Compliance:
Alliance Crédit maintains robust security, compliance and governance programs that uphold the global, evolving legal and regulatory requirements of our industry, as well as our own high standards. In particular, we focus on protecting the privacy, integrity and sensitivity of information under our stewardship.
Data Communication Requirements
Your business must meet each of the following criteria before Alliance Credit can begin setting up your account. If the following are not in place, you are not eligible to become a customer:
- Your business must become a member of Alliance Credit and fulfill all required contracts, including our terms and conditions.
- Your business and the data communicated must comply with Alliance Credit internal policies as well as legal data communication requirements, including consent where applicable.
- Browser with 128-bit encryption
- Windows® 95 or later operating system
- Valid credit information file for testing purposes
- For each of the files that you provide to Alliance Crédit: a file header, certain file data and an additional record
Data Transfer Options
Choose from several options to transmit your data to us including Internet solutions, leased lines and Virtual Private Networks (VPNs).
Internet solutions (FTP/FTPS/HTTPS)
Encryption standards
All Internet transmissions are required to be encrypted dynamically or statically. Dynamic encryption occurs automatically when using any 128-bit enabled TLS client. Currently, we support PGP® (Pretty Good Privacy®) for static encryption. There are no restrictions on what type of client is used for file transmission. Most standard FTP clients that can use an alternate port (i.e., 10021 instead of 21) can be used to transmit data. For transmissions that will not use encryption software, we recommend compressing the file. The following table summarizes the Internet options:
Internet transmission options
Software protocol | Encryption | Client | File size limits |
HTTPS | Dynamic – TLS 1.3 | Web Browser | Up to 500MB |
FTPS | Dynamic – TLS 1.3 | Most FTPS Clients | Up to 2GB |
FTP | Static – PGP | Most FTP Clients | Up to 2GB |
Leased Lines
FTP
Leased line connections are dedicated circuits that allow system-to-system connectivity. FTP with or without encryption may be used to move data between systems. Files of any size may be sent in this method. The use of leased line connectivity eliminates the need for encryption, unless required by the customer, because the connection is point to point. FTP is a barebones data mover with no compression, recovery or restart capabilities. Recovery from any failure in the transmission requires the entire file to be resent. In addition, there is logging only at the initiating site, which makes trouble diagnosis difficult.
Security and Validations
Choose the Electronic Data Transmission (EDT) method that satisfies your desired level of security and is compatible with your existing systems.
EDT solutions security measures
HTTPS
Description
Secured Internet solution. This method requires a Web browser capable of 128-bit encryption.
Connection security
A Web browser capable of 128-bit Secure Socket Layer encryption is necessary for data transmission. The Secure Socket Layer works to encrypt, authenticate and exchange data over insecure public networks using HTTP. Transmissions are ID and password specific.
Data security
Electronic transmissions are set up using a unique ID and password. This acts as a validation checkpoint from sender to recipient and helps prevent any compromising of data provider information. In addition, after the transmission has been received and verified, the data is loaded to a program specifically created for each data provider (the same as we do for physical media). This program performs additional validations, using customer-specific ID fields before processing to our database.
FTP(S)
Description
File Transfer Protocol. This transmission method uses an existing Internet connection for file transfer, but requires some type of encryption software for safe data exchange. Encryption may be performed before or during transmission. (Note: Customer may need to purchase software.)
Connection security
Encryption software that requires the exchange of public keys or an TLS-capable client is used to transmit data. Depending on the transmission choice, data may be encrypted before or during transmission.
Data security
Electronic transmissions are set up by either an exchange of encryption keys or a dynamic encryption process. This acts as a validation checkpoint from sender to recipient and helps prevent any compromise of data provider information. In addition, after the transmission has been received and verified, the data is loaded to a program specifically created for each data provider (the same as we do for physical media). This program performs additional validations, using customer specific ID fields before processing to our database.
DATA PROTECTION
The data is processed in such a way as to guarantee appropriate security using physical, technical or organizational measures relevant to the state of the art in the field, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. Depending on the needs, the risks, the costs and the processing purpose, these measures may include the pseudonymization and encryption of data. Alliance Crédit implements a procedure aimed at testing, analyzing and regularly evaluating the effectiveness of technical and organizational measures to ensure the security of processing.
Questions
For any questions regarding the security policy, please send your request by email to the following address;[email protected]
Any request must be clear, precise and justified and carried out in accordance with the applicable legal framework.