NCOALink® Security Process and Compliance Information
All files transferred to and from our licensed NCOALink site are done through a secure username and password-protected FTP connection. The only information that AccuZIP6 sends to the server for processing is 128-bit encrypted and 32-bit password files that contain the name and address information.
Strong Encryption is always applied to a file after compression. The block-oriented algorithms all operate in Cypher Block Chaining (CBC) mode. The block size used for AES encryption is 16.
A random and unique 32-bit password is also used to provide rock-solid security to the file. No user identifiers are provided with the file so hackers could never identify the file as coming from a particular source.
No private information is included in the file, other than the name/firm and standardized address for creating hash values for NCOALink lookup purposes only. All information is processed in memory and deleted from memory when the file is completed processing. Only COA result data, not the original data is transmitted back in an encrypted and compressed format so there is no "link" between the original data and the new data during upload/download.
A "key" file that resides on the customer's computer is the only way the original data can be updated with the new COA data, thus rendering the individual files useless.
Before the information leaves your location, the file is encrypted using 128-bit encryption and compressed 10:1 using the WinZip compression algorithm. All of the encrypted data is secured with two unique passwords, randomly generated using a 32-bit password creation algorithm. Each file name is unique, randomly generated, and anonymous.
All files must be uploaded in its entirety as our decryption software does a bit-by-bit analysis of each file during decryption to ensure that the entire file has been uploaded properly. After the data is completely uploaded, the file is decrypted and processed through our licensed NCOALink service. There is never any human interaction and the files are always processed automatically and anonymously.
When the NCOALink process is completed, the national-change-of-address (NCOA) result records are encrypted and password protected using the same technology as above, then uploaded back to your computer where they are decrypted and the data is updated automatically with no user interaction. A typical file of 100,000 records through our NCOA18 would take approximately 1-minute to process. If you add the NCOA48 to that, it would add approximately 1-2 minutes to the total time.
It took us nearly one year to get our Electronic and Physical Security approved by the USPS. We take great pride in the level of integrity, security, and anonymity of our Licensed NCOALink system.
AccuZIP, Inc. is in compliance with HIPAA, HITECH, and SOC 2 Type I Standards, the leading Security Standards for the Software as a Service Industry. As a Software as a Service provider, our valued customer partners can take ease in knowing that their data is hosted and processed with a HIPAA and SOC 2-compliant hosting provider. All of these additional privacy and security measures allow our customer partners the peace of mind to know that their data is protected at the highest level in all states, both during transmission and at rest. The use of any licensed AccuZIP Products and services confirms the acceptance of this policy and any subsequent updates.