Security and privacy
Process financial data at the highest level of technology, security and privacy, for both you and your customers.
Keeping payments safe from any threat
Our Platform's rules-based decision engine and secure APIs provide the most robust, triple-layer, end-to-end security authorisation available.
Payments Card Industry (PCI)
Total internal data-encryption that exceeds PCI 3.2.1 requirements.
Cardholder-data is tokenised, end-to-end, with keys swapped out; both regularly, and on an ad-hoc basis.
We comply with the ISO27001 international standard for information security management systems.
Secure data exchange
We represent the apex of multi-layered, ultra-secure financial-data security and encryption. Store, transmit or process sensitive card data with confidence.
The Paymentology Web Services API features the most advanced security features – embedded at every level – ensuring totally secure data exchange.
3DS 2.0 for real, intuitive risk assessment.
Maker/Checker system for any amendments.
Complete auditing and tracking functionality for user groups means you can track everything done on the Platform.
All easily controllable via API, or PayControl.
Paymentology's PayPIN management platform allows you to deliver PINs, via multiple channels, with the most robust end-to-end encryption and security technology.
PIN delivery via SMS.
PIN delivery via app.
PIN delivery via web.
PIN selection by customer.
Complete end-to-end control. Message passing-on is ultra-secure.
Data is encrypted using a secret, ultra-secure key. Both the encoded message, and secret key, arrive safely for decryption with the recipient.
Total key-store isolation from database clusters.
Dynamic RAM Overwrite (DRO)
An automatic process that repeatedly, dynamically overwrites RAM, removing any trace of underlying card data.
Layered, end-to-end encryption – at creation, in transit, and at rest – ensuring total privacy and integrity of transmitted data.
VPN Access Requirement
We comply with all VPN-access requirements and standards.
TLS 1.2 Authentication
All data is encrypted using symmetric and asymmetric cryptography, to ensure ultra-secure data-sending.
CVVs are dynamically generated, cryptographically computed, verified, and then destroyed. CVV data is never stored or static.
For 23 years, major banking institutions have trusted us to provide the best in privacy protection. We hold ourselves to this standard, every day.
Our Cloud-ready systems are fully compliant with General Data Protection Regulation (GDPR) guidelines, as well as all Mastercard and Visa standards.
Personal data is owned by the customer. If there are any specific in-country regulations, data will sit in-country.
We conduct regular Data Protection Impact Assessments (DPIAs) with a certified third party, to continuously help us identify any potential risks, at any level.
Start innovating your payments with us
We’re here to identify payment needs, and to solve them. Faster, smoother, and with greater innovation than others can.