We maintain an information security program to control risks associated with access, use, storage, sharing, and destruction of sensitive customer and financial information. We focus on providing a secure environment that goes above and beyond industry security standards and guidelines.
APS DATA is a validated PCI DSS Level 1st Compliant Service Provider.
We never store raw magnetic stripe, card validation code (CAV2, CID, CVC2, CVV2), or PIN block data. Storage of this data is prohibited by the PCI DSS.
Cardholder data is stored using one of the most advanced encryption methods available and it never can be decrypted. The data store where cardholder data is kept cannot be connected to via the internet.
We forcing all users to authenticate each time they use the application. Passwords are hashed using a slow hash function to increase security. In addition, all communication between merchants and us is conducted in a secure fashion using SSL.
Our network has been set up in a secure fashion with minimal access to outside networks. Only VPN access is allowed to our servers from whitelisted IPs. Internally, we use segmented networks so only servers which work together can communicate with each other.
We facilitate secured patching and software updates of all our systems, including watching numerous online resources for the latest vulnerabilities.
All of our employees undergo background checks as well as training on relevant security matters that pertain to their job. We also provide guidance to merchants on how to securely interact with our services.
Monthly, we conduct automated vulnerability scans. In addition, at least once a year we have extended external penetration testing conducted by outside sources.
We have high redundancy onsite and offsite. Onsite data is mirrored and is also hot synced between servers. Data is also encrypted and backed up off site with an undisclosed third party.
Our independent payment platform provides online payment services across banks and industries. The online payment platform connected to World Wide banks that acquire international global network data.
Our solutions delivered via a highly secure and robust payment gateway system complying with bank security protocol integrated with many providers to offer a seamless payment solutions.