Security Policy

Your online security is our # 1 priority. The Masengo Foundation (“MF“) is therefore committed to maintaining the highest possible standards of data security to ensure that your user data and personal information are always secure.

MF’s Contribution

  • Before MF launches any product, payment service or project, a detailed risk assessment is undertaken to assess all potential risks of fraud and the relevant security controls and mitigation measures that can be deployed to adequately protect you, our Customer, against the risks identified.
  • Verified by Visa and Mastercard SecureCode
  • Transaction Security via Secure Sockets Layer (SSL) and Transport Layer Security to provide a 256-bit secure link between your browser and MF.
  • Firewalls and other technology are used to block unauthorised traffic to our site. Our state-of-the-art monitoring equipment ensures that unauthorised access is prevented.
  • Encryption & Data Storage
  • Card Security Code (CSC) and Card Verification Value or Code (CVV or CVC)
  • Links to banks and third parties
  • Employee access controls
  • Secure physical access controls to our servers, which are located within High Security Data and Disaster Recovery (DR) centres
  • Payment Card Industry (PCI) Data Security Standard compliance
  • Systems, procedures, analysis and identification of suspicious or unusual transactions
  • Email Security

Your Contribution

  • Know who you are dealing with – only interact with reputable companies
  • Check the websites Privacy Policy
  • Keep your Password Secure
  • Protect your Computer
  • Protect your Financial Data
  • Check Security Certificate
  • Protect yourself from email scams

Data Outsourcing

MF outsources all aspects of the web applications to independent suppliers skilled in security systems and secure data storage.

Third Party Systems PCI Compliant

MF’s third party systems have been certified PCI compliant by official Visa Qualified Security Assessors. This means that all of the systems and services comply with the Payment Card Industry Data Security Standard and that we actively protect our customers’ identities, personal information and financial details.

Security Criteria

  • Verified by Visa and Mastercard SecureCode
    • MF’s third party provider  has implemented the industry standard card verification schemes, Verified by Visa (VBV) and MasterCard Secure Code (MCSC).
    • MF has no knowledge of, or access to, your VBV or MasterCard SecureCode password at any time.
  • Firewalls
    • Firewalls and other technology are used to block unauthorised traffic to our site. Our state-of-the-art monitoring equipment ensures that unauthorised access is prevented.
  • Transaction Security
    • All transaction and credit card information entering MF’s systems is encrypted using 256-bit SSL certificates. No cardholder information is ever passed unencrypted in a web browser to MF.
  • Encryption & Data Storage
    • At our Data Centre rigorous physical, electronic, and personnel security measures protect your data.
  • Card Security Code (CSC) and Card Verification Value or Code (CVV or CVC)
    • MF does not store any Card Security Code (CSC), Card Verification Value or Code (CVV or CVC) no matter what type of card is presented for payment.
  • Links to other banks
    • MF authorises credit card transactions in partnership with our Payment Processor and our banking partners. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
  • Employee access
    • Our systems allow access only to authorised staff. Your transaction information and customer card information is secure because our systems never display the full card numbers, even on administration screens.
  • Payment Card Industry (PCI) Data Security Standard compliance
    • MF’s Payment Service Provider is PCI compliant.
    • The PCI DSS is a set of security standards that apply across the card payment industry worldwide that help safeguard cardholder information and improve consumer confidence.
    • The Standard was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis.
    • For more information on the PCI compliance standards click here.
  • Keep your Password Secure

Password strength is extremely important when you are creating a password for a website.

MF’s website rates your password by taking into account the following:
    • Length of password
    • Using lower case characters [ a – z ]
    • Using upper case characters [ A – Z ]
    • Using numbers
    • Using special characters [ ! , @ , # , $ , % , ^ , & , * , _ , ‘]
The password strength is determined by using a mixture of these items (above). e.g. the more characters and variety of numbers and characters you use, the greater the password strength.
  • Protect your Computer
Consider the following recommendations to protect your computer:
    • Use an updated and patched web browser version to avoid security holes
    • Use an updated and patched operating system version to avoid security holes
    • Use an updated version of anti-virus software with automatic virus pattern download to protect your computer from malicious software from the Internet
    • Use an updated version of a personal firewall (client firewall) to protect your computer from unpermitted internet access or attacks
    • Install and use only software from trusted (internet) sources to avoid attacks or password theft
  • Protect your Personal Information
Consider the following recommendations to protect your personal information:
    • Never disclose your password to anyone, even a customer service representative from that company
    • Only provide merchants information necessary for the transaction
    • Ensure the site is encrypted before providing account or other personal information. Look for a key or lock on your screen and confirm the URL begins with https://
    • Use unique passwords – avoid date of birth, any ID Number, or simple words
    • Avoid sending personal information via email unless the security is specifically outlined
    • Always keep a record of your online transactions
    • Use a secure browser
  • Protect yourself from email scams
MF is committed to keeping your information secure. You can protect yourself by being aware of common tricks fraudsters use to obtain access to your information.
 
Consider the following recommendations to protect you from email scams:
    • Recently, some reputable companies have experienced email fraud. In these scams, individuals received an email linked to a website that looks like it came from the reputable company, often a bank or other financial institution. The email usually states that there is a problem with the customer’s account and requests the customer’s username and password. This type of scam is called spoofing or phishing. You are the first line of defense against phishing. Never provide your username and password in response to an unsolicited request.
    • A legitimate email regarding your user account, issued by MF, will always have the consistent pieces of information outlined in our Email Security Standards.
    • Only open email attachments when you recognize the sender. Attachments are sometimes used to spread computer viruses that could access your personal information.
    • Do not include sensitive information such as your full account number, ID Number, username, password, or account number in emails you send. MF will never include such sensitive information in emails we send to you.
    • Many fraudulent emails contain spelling or grammatical errors. Do not respond to an email if there are obvious mistakes.

Take Five To Stop Fraud and Scams

Take Five To Stop Fraud is a national campaign from Financial Fraud Action UK and the UK Government, backed by the banking industry coming together to tackle fraud. Stop and think.

    01
Requests to move money: A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Only give out your personal or financial details to use a service that you have given your consent to, that you trust and that you are expecting to be contacted by.
    02
Clicking on links and files: Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected email or text
    03
Personal information: Always question uninvited approaches in case it’s a scam. Instead, contact the company directly using a known email or phone number.

Too smart to be scammed? Take the Take Five test.

Friends Against Scams

Friends Against Scams aims to prevent people becoming victims of scams. Joining equips you with the knowledge you need to protect yourself from the emotional and financial impact.

You’ll learn how to:

  • Spot a potential scam and report it
  • Avoid becoming a target for scammers
  • Find out about new scams so you can take steps to protect yourself
  • Have conversations with friends, family and community to share your knowledge and raise your collective awareness

Please watch this excellent Video to become a friend against scams.

Question

If you have questions regarding security or privacy on this site please get in touch via our Contact page.