Skip to content

Security and privacy

Secure card
products

Process financial data at the highest level of technology, security and privacy, for both you and your customers.

Keeping payments safe from any threat

Our Platform's rules-based decision engine and secure APIs provide the most robust, triple-layer, end-to-end security authorisation available.

Payments Card Industry (PCI)

Total internal data-encryption that exceeds PCI 3.2.1 requirements.

Tokenisation

Cardholder-data is tokenised, end-to-end, with keys swapped out; both regularly, and on an ad-hoc basis.

ISO/IEC certified

We comply with the ISO27001 international standard for information security management systems.

Secure data exchange

We represent the apex of multi-layered, ultra-secure financial-data security and encryption. Store, transmit or process sensitive card data with confidence.

enhanced-user-security

Enhanced
user-security

The Paymentology Web Services API features the most advanced security features – embedded at every level – ensuring totally secure data exchange.

  • 3DS 2.0 for real, intuitive risk assessment.

  • Maker/Checker system for any amendments.

  • Complete auditing and tracking functionality for user groups means you can track everything done on the Platform.

  • All easily controllable via API, or PayControl.

PIN management

Paymentology's PayPIN management platform allows you to deliver PINs, via multiple channels, with the most robust end-to-end encryption and security technology.

  • PIN delivery via SMS.

  • PIN delivery via app.

  • PIN delivery via web.

  • PIN selection by customer.

pin-management
ssl

SSL

Complete end-to-end control. Message passing-on is ultra-secure.

cryptographical-security

Cryptographical Security

Data is encrypted using a secret, ultra-secure key. Both the encoded message, and secret key, arrive safely for decryption with the recipient.

key-storage

Key Storage

Total key-store isolation from database clusters.

dynamic-ram-overwrite

Dynamic RAM Overwrite (DRO)

An automatic process that repeatedly, dynamically overwrites RAM, removing any trace of underlying card data.

encryption

Encryption

Layered, end-to-end encryption – at creation, in transit, and at rest – ensuring total privacy and integrity of transmitted data.

vpn-access-requirement

VPN Access Requirement

We comply with all VPN-access requirements and standards.

tls-1-2-authentication

TLS 1.2 Authentication

All data is encrypted using symmetric and asymmetric cryptography, to ensure ultra-secure data-sending.

cvv-security

CVV Security

CVVs are dynamically generated, cryptographically computed, verified, and then destroyed. CVV data is never stored or static.

Privacy

For 23 years, major banking institutions have trusted us to provide the best in privacy protection. We hold ourselves to this standard, every day.

compliance

Compliance

Our Cloud-ready systems are fully compliant with General Data Protection Regulation (GDPR) guidelines, as well as all Mastercard and Visa standards.

personal-data

Personal Data

Personal data is owned by the customer. If there are any specific in-country regulations, data will sit in-country.

dpia-checks

DPIA Checks

We conduct regular Data Protection Impact Assessments (DPIAs) with a certified third party, to continuously help us identify any potential risks, at any level.

training
Training

Training

We remain at the very forefront of expertise, knowledge, and compliance, at all times, through constant training, upskilling, and industry best-practice reviews. This has enabled us to train, upskill and onboard our clients, with ease.
monitoring-tools
Monitoring

Monitoring tools

We provide multiple channels for receiving, monitoring, visualising and interpreting data; interpretable and actionable in real-time. With our Platform's APIs keeping watch at all times, you can now truly see the bigger picture.

Start innovating your payments with us

We’re here to identify payment needs, and to solve them. Faster, smoother, and with greater innovation than others can.