Article 1. Scope

Kidy Phyllis Interiors maintains this Payment Security Policy to establish and enforce rigorous standards for protecting all financial transactions conducted through our e-commerce platform, customer service channels, and affiliated payment processors. This document articulates our technical, operational, and administrative safeguards in compliance with international security frameworks including the Payment Card Industry Data Security Standard (PCI DSS) v3.2, the Kenya Data Protection Act (2019), and relevant provisions of the European Union’s General Data Protection Regulation (GDPR).

Article 2. Payment Processing Infrastructure

We partner exclusively with PCI-certified payment service providers, including Flutterwave for card processing and M-Pesa integrations, and PayPal for international transactions. These partnerships ensure that sensitive payment data never enters our direct systems. All payment information is encrypted during transmission using TLS 1.3 protocols with perfect forward secrecy, while stored transaction records are protected through AES-256 encryption and tokenization. Our architecture implements redundant authorization pathways to maintain transaction continuity during service interruptions.

Article 3. Fraud Prevention
Our multi-layered fraud detection system combines machine learning algorithms with manual review protocols. The system dynamically analyzes over 120 risk indicators including purchase velocity, device fingerprinting, and geolocation patterns. Transactions exhibiting anomalies such as mismatched billing/shipping information or high-risk country routing are automatically flagged for secondary authentication through 3D Secure 2.0 or M-Pesa PIN validation. High-value transactions exceeding $500 USD equivalent undergo additional verification through our risk management team.

Article 4. Contingency and Incident Management
In the event of payment processing failures, our systems automatically initiate fallback procedures through alternative payment gateways while preserving transaction integrity. Customers experiencing technical difficulties may request manual reprocessing within two business days through our dedicated payments resolution team. For suspected security incidents, our Computer Security Incident Response Team follows a standardized playbook that includes customer notification within 72 hours of breach confirmation, regulatory reporting where required, and provision of credit monitoring services for affected parties.

Article 5. Customer Rights and Protections
We guarantee zero liability for unauthorized transactions resulting from system vulnerabilities or third-party compromises. Customers receive real-time SMS and email confirmations for all transactions, with detailed records maintained in their account portals for twelve months. Our dispute resolution process ensures formal response to chargebacks within seven calendar days, supported by comprehensive transaction documentation. Customers are encouraged to report suspicious activity immediately through our 24/7 monitored security hotline.

Article 6. Compliance and Continuous Improvement
All personnel with payment system access undergo annual PCI compliance training and enhanced background screening. We conduct quarterly security assessments of third-party processors, reviewing their SOC 2 Type II audit reports and penetration testing results. This Policy is reviewed biannually by our Information Security Committee to incorporate emerging threat intelligence, regulatory updates, and technological advancements.

Article 7. Policy Governance
Violations of this Policy may result in immediate account restrictions, termination of merchant services, or legal action in cases of demonstrated fraud. Customers are responsible for maintaining the confidentiality of their authentication credentials and promptly reviewing transaction alerts.

Last Updated: 05/01/2025

Contact Information:
For security-related inquiries, please contact:
Chief Information Security Officer
Email: security@kidyphyllisinteriors.com