Ace Payroll Security Statement
Ace Payroll Services, Inc. is committed to a security policy that provides a safe and secure technology environment for conducting business with your company.
We maintain physical, electronic, and internal procedural safeguards for your nonpublic personal information. Our operational and data processing systems are contained in a secure environment and that environment is access controlled.
To secure sensitive communications through email, online processing, remote processing, and accessing reports in pdf format, we have implemented and enabled strong encryption. We use secure sockets layer (SSL), secure protocol to protect all exchanges of information via our website links that are considered private and confidential. We use various authentication technologies, including multi-factor authentication to authenticate network users to our systems, with expiration times for relogging if the system is dormant. We have implemented other security controls such as firewalls, intrusion detection and intrusion prevention to protect our networks and your information. Our security system constantly monitors network assets for security breaches.
Email Protocols and Protecting Against Email Fraud
Email messages sent to your company with sensitive information such as social security numbers are encrypted and secure. If you possess a provider email and not a company email, it may not be secure. Ace Payroll Services, Inc. is not responsible for the security or confidentiality of communications sent to us via unencrypted Internet email messages. Unencrypted email messages traveling through the Internet are potentially subject to viewing, alteration, and copying by anyone on the Internet. Be cautious when submitting personal or financial information via unencrypted email. Send confidential information through encrypted email, the postal service, or use the telephone to speak directly with your Ace representative.
Ace wants to protect our clients by warning them about a growing form of Internet fraud, called “phishing.” Unsolicited emails are disguised to appear like requests from a legitimate business with a company's branding so that a user will log in and expose their credentials. These emails may request private information. Through using the exposed login credentials, the malicious hacker can then assume the identity of the hacked individual.
Ace Payroll Services, Inc. will at the preference of the client, communicate electronically only using secure encrypted email. Upon the request, the client will only receive explicitly solicited communications via a secured online portal. If electronic payroll information is being provided, we will then provide you with a User ID and Password to access a document. The User ID and Password are created by Ace.
If you receive an email from Ace Payroll Services, Inc. prompting you to login to read a message for which you had not previously solicited nor expected, do not reply or click the hyperlink. Please contact Ace Payroll Services, Inc. Immediately to verify the message was sent with intent from Ace Payroll Services.
Remote Payroll Software and Online Processing
Ace Payroll Services, Inc. uses the following protocols for clients conducting remote payroll processing or online processing to ensure the security of your company and employee information:
Web Browser Encryptions
In order to access your account via Internet-based software, your browser must support 128-bit encryption and secure sockets layer
(SSL) version 3.0 protocol. These technologies provide security and privacy when accessing the software and prevent “man in the middle” exploits, as well as others. Alternatively, Ace Payroll Services, Inc. also provides a non-browser based payroll processing solution which also employs an SSL connection and has the added benefit of leaving zero data footprint on client computers.
User Name and Password Protection
Upon client setup, Ace Payroll Services, Inc., software requires certain password complexity. Passwords must contain a minimum number of characters as well as the use of both a special character and a numeral. Passwords have a predetermined date of expiration and the same passwords cannot be used subsequently.
Ace utilizes TeamViewer’s QuickSupport and QuickJoin software for training on the Ace's payroll platform, Evolution. This software allows us to collaborate with the client and share screen views as well as desktop access.
The following security features are included for the QuickSupport and QuickJoin applications:
- No permanent installation. It is merely an executable file. After exiting or deleting this file, TeamViewer can no longer be started.
- As soon as you close the application, it is no longer possible to connect or access your computer.
- All actions are visible to the user. It is not possible to establish a hidden connection. A session information window is always displayed at the bottom right edge of the monitor during a TeamViewer session.
- No hidden file transfer in the background. If files are being copied, an additional dialog window always opens at the customer side in the center of the monitor and indicates which files are being transferred.
- User who is sitting in front of the computer has priority. The control of the user sitting directly in front of the computer has always priority over remote control.
Ace Payroll Services, Inc. records and archives business calls for the safety and verification of our client's business communications. These tapes are also used to train for customer service and to ensure accuracy in procedures.