Whenever you are viewing confidential information in your browser, data is being transmitted from our servers to your computer. For all such data communication, we use a 256-bit encryption protocol called SSL (Secure Sockets Layer) that is specifically designed to prevent the data from being intercepted and hacked. The use of this protocol is evident when the "http" prefix in your browser's address bar changes to "https" - for example, when you log in to your account.
Our site has been secured by GoDaddy, the largest provider of SSL certificates in the world. Wherever you see the GoDaddy seal, you may click on it for information about our use of the SSL protocol.
Rainbow Rewards authenticates users through the use of usernames and passwords. To the extent you are careful to keep this information confidential, it is a secure means of providing account information, rewards and special offers only to authorized users.
Rainbow Rewards uses an industry-standard hashing technology called MD5 (Message Digest 5) to protect card numbers. Using a sophisticated algorithm, MD5 scrambles the card number into a hash, or meaningless sequence of characters. It is a one-way hash in the sense that it cannot be reverse-engineered to determine the original card number.
As a result, only the last four digits of a card number are displayed so that you know which cards are registered with Rainbow Rewards. In fact, we do not even store the full card number on our system - only the hash.
We use multiple firewalls and other intrusion prevention technologies to protect our systems and data resources. Our networks are regularly scanned by Coalfire Systems, certified by the PCI Security Standards Council as an Approved Scanning Vendor, and reviewed for any potential vulnerabilities. Software upgrades and patches are applied diligently to keep our systems secure.
In order to maintain a high level of security through the transaction collection and validation phase, Rainbow Rewards has partnered with Golden Retriever Systems, the leader in loyalty transaction processing. GRS is a wholly-owned subsidiary of TSYS (NYSE:TSS), the preeminent supplier of acquiring solutions, related systems and integrated support services to the acquiring industry and its customers.
Rainbow Rewards has also partnered with First Data Commercial Services, which represents nearly 5 million merchants worldwide. FDCS is a business unit of First Data Corporation (NYSE:FDC), the world's largest provider of payment processing services to financial institutions, businesses and governments.
Both GRS and FDC are compliant with the Payment Card Industry Data Security Standard (PCI DSS), which means they meet the rigorous data processing and security requirements set forth by the Visa CISP and MasterCard SDP programs. To maintain PCI compliance, annual audits are performed by Coalfire Systems, certified as a Qualified Security Assessor.
Security Precautions Worth Noting
Rainbow Rewards will never ask for your full 16-digit card number, and you should never send us your full card number. If we require a receipt or statement as proof of purchase, you should send it to us using our secure fax number and ensure that the full card number is not on the receipt or statement before faxing.
In very rare cases, a Rainbow Rewards employee may call to speak with you directly. The caller will identify themselves as an employee of Rainbow Rewards and you should feel free to ask to call back. To get the number, call information, look us up in a directory or visit our website - each provides a degree of confidence that the caller is not masquerading as an employee of Rainbow Rewards.