SECURITY POLICY

ALLIANCE CREDIT SECURITY POLICY

Effective September 28, 2021

Alliance Crédit, whose head office is located at 3055 Saint-Martin Ouest, Suite T500, Laval, Quebec H7T 0J3 encourages you to read this security policy carefully.

Data Security

To help protect the confidentiality of personal credit and payment information in our database, we follow security and compliance measures to help ensure that personal information remains private. These measures include:

  • Restricting access to legitimate subscribers who have permissible purpose and appropriate consent, as applicable, to use the information by screening our members
  • Suppressing specific information on certain credit reports and consumer disclosures
  • Using private, dedicated lines for communications
  • Use of firewall and encryption technology
  • Controlling our associates’ database access through secured passwords and access codes, while obtaining our associates’ annual commitment to our security policy

These and other procedures enable us to facilitate secure and unbiased transactions, which helps protect you and your customers.

Security, Governance and Compliance:

Alliance Crédit maintains robust security, compliance and governance programs that uphold the global, evolving legal and regulatory requirements of our industry, as well as our own high standards. In particular, we focus on protecting the privacy, integrity and sensitivity of information under our stewardship.

Data Communication Requirements 

Your business must meet each of the following criteria before Alliance Credit can begin setting up your account. If the following are not in place, you are not eligible to become a customer:

  • Your business must become a member of Alliance Credit and fulfill all required contracts, including our terms and conditions.
  • Your business and the data communicated must comply with Alliance Credit internal policies as well as legal data communication requirements, including consent where applicable.
  • Browser with 128-bit encryption
  • Windows® 95 or later operating system
  • Valid credit information file for testing purposes
  • For each of the files that you provide to Alliance Crédit: a file header, certain file data and an additional record

Data Transfer Options

Choose from several options to transmit your data to us including Internet solutions, leased lines and Virtual Private Networks (VPNs).

Internet solutions (FTP/FTPS/HTTPS)
Encryption standards

All Internet transmissions are required to be encrypted dynamically or statically. Dynamic encryption occurs automatically when using any 128-bit enabled TLS client. Currently, we support PGP® (Pretty Good Privacy®) for static encryption. There are no restrictions on what type of client is used for file transmission. Most standard FTP clients that can use an alternate port (i.e., 10021 instead of 21) can be used to transmit data. For transmissions that will not use encryption software, we recommend compressing the file. The following table summarizes the Internet options:

Internet transmission options

Software protocol

Encryption

Client

File size limits

HTTPS

Dynamic – TLS 1.3

Web Browser

Up to 500MB

FTPS

Dynamic – TLS 1.3

Most FTPS Clients

Up to 2GB

FTP

Static – PGP

Most FTP Clients

Up to 2GB

Leased Lines
FTP

Leased line connections are dedicated circuits that allow system-to-system connectivity. FTP with or without encryption may be used to move data between systems. Files of any size may be sent in this method. The use of leased line connectivity eliminates the need for encryption, unless required by the customer, because the connection is point to point. FTP is a barebones data mover with no compression, recovery or restart capabilities. Recovery from any failure in the transmission requires the entire file to be resent. In addition, there is logging only at the initiating site, which makes trouble diagnosis difficult.

Security and Validations

Choose the Electronic Data Transmission (EDT) method that satisfies your desired level of security and is compatible with your existing systems.

EDT solutions security measures
HTTPS

Description

Secured Internet solution. This method requires a Web browser capable of 128-bit encryption.

Connection security

A Web browser capable of 128-bit Secure Socket Layer encryption is necessary for data transmission. The Secure Socket Layer works to encrypt, authenticate and exchange data over insecure public networks using HTTP. Transmissions are ID and password specific.

Data security

Electronic transmissions are set up using a unique ID and password. This acts as a validation checkpoint from sender to recipient and helps prevent any compromising of data provider information. In addition, after the transmission has been received and verified, the data is loaded to a program specifically created for each data provider (the same as we do for physical media). This program performs additional validations, using customer-specific ID fields before processing to our database.

FTP(S)

Description

File Transfer Protocol. This transmission method uses an existing Internet connection for file transfer, but requires some type of encryption software for safe data exchange. Encryption may be performed before or during transmission. (Note: Customer may need to purchase software.)

Connection security

Encryption software that requires the exchange of public keys or an TLS-capable client is used to transmit data. Depending on the transmission choice, data may be encrypted before or during transmission.

Data security

Electronic transmissions are set up by either an exchange of encryption keys or a dynamic encryption process. This acts as a validation checkpoint from sender to recipient and helps prevent any compromise of data provider information. In addition, after the transmission has been received and verified, the data is loaded to a program specifically created for each data provider (the same as we do for physical media). This program performs additional validations, using customer specific ID fields before processing to our database.

DATA PROTECTION

The data is processed in such a way as to guarantee appropriate security using physical, technical or organizational measures relevant to the state of the art in the field, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. Depending on the needs, the risks, the costs and the processing purpose, these measures may include the pseudonymization and encryption of data. Alliance Crédit implements a procedure aimed at testing, analyzing and regularly evaluating the effectiveness of technical and organizational measures to ensure the security of processing.

Questions

For any questions regarding the security policy, please send your request by email to the following address;[email protected]

Any request must be clear, precise and justified and carried out in accordance with the applicable legal framework.