Security is the foundation of Plastiq's platform. We fully understand that in our business, security is extremely important, and we treat every single payment with an unwavering commitment to service and safety. That’s why we employ extensive physical, electronic, and procedural security controls, regularly adapting them as technology and threats evolve.
While we cannot fully disclose all of our strategies and tactics, you can find below the steps Plastiq is taking to keep your information secure with us. We have invested in our technology platform to meet or exceed the "best practices" established in the payments industry. These include:
Physical and Network Security
- Card-processing systems certified to Payment Card Industry Data Security Standard (PCI-DSS) Level 1.
- In-transit data is always secured with some of the strongest encryption methods in the industry.
- Plastiq uses 256-bit Extended Validation (EV) Secure Sockets Layer (SSL) encryption technology for all access by cardholders and merchants, with network connections encrypted end-to-end from the client straight through Plastiq servers and onto banking partners.
- All networks and systems monitored and guarded 24/7 by intelligent intrusion detection services, frequent vulnerability scans, and injection/attack prevention services provided by trusted security firms.
- All systems regularly updated with the latest security patches and updates.
- Networks and systems are strictly segregated by security level and data sensitivity, and can only be accessed by authorized personnel via private networks and multi-factor authentication.
- Secure hosting facilities on redundant power systems with regulated climate control safeguarded by 24/7 surveillance and multi-factor authentication. Certified to PCI Level 1 as well as SSAE 16 Type II.
Payment Processing Security
- Payment processing platform certified to Payment Card Industry Data Security Standard (PCI-DSS) Level 1.
- Card data securely funneled from the client to our secure vault, where opaque tokens are generated and used for transaction processing to further safeguard cardholder information.
- The vault is a server where we store all sensitive information such that when data is put in, it can never be taken out. That data can only be referenced by a token that is generated when the data is placed in the vault.
- Sensitive information stored using some of the strongest encryption techniques in the industry.
- Industry standard secure technologies utilized for all integrations to third-party processing partners.
Web Application Security
- Card-processing applications certified to Payment Card Industry Data Security Standard (PCI-DSS) Level 1.
- Sensitive cardholder data (e.g., card numbers, security codes, etc.) never stored in the client device, browser, or application databases.
- Programming practices adhere to industry standard secure coding guidelines (e.g., OWASP recommendations).
Operational Security
- Operational policies and procedures certified to Payment Card Industry Data Security Standard (PCI-DSS) Level 1.
- Sensitive data collected and stored by Plastiq are subject to documented internal data retention policies and procedures.
- Access to all sensitive data and services is strictly controlled, logged and monitored.
- Ready response plans and an always-on-call incident response team ensure your data is always protected even during an emergency.
- Support centers certified to Payment Card Industry Data Security Standard (PCI-DSS) Level 1 and customer service representatives trained on secure payments procedures.