Server and Data Security
From the beginning, Payment21® developed its system with the PCI DSS requirements in mind.
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide safety norm defined by the Card Industry Council. The council that develops and monitors these standards comprises the leading providers in the payment industry: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International. They define the best practices for storing, transmitting, and handling sensitive information over the Internet. Payment21® abides by the standards of Visa and MasterCard voluntarily. All servers are stored in a fully PCI DSS-compliant datacenter.
We work tirelessly to ensure that every aspect of our network is maintained and managed to premium levels. The role of a superior financial data service provider is a challenging one, but it is a challenge to which we always rise. Our technical team updates our security infrastructure daily. We also monitor it manually to ensure that there are no unforeseen or yet unknown threats to our systems in our datacenter. We are here to safeguard your much-valued data against fraud. With properly maintained firewalls, encrypted data and premium antivirus software, you can rest assured that we take all the necessary steps to ensure that customers can use our services with confidence.
All processing and storage is managed by a professional datacenter in a well-regulated and reputable European jurisdiction. The building is located in a superb geographical position on a small hilltop between two ridges. This datacenter provides security and stability with the following features:
- Redundant Air Conditioning.
- Uninterrupted power supply (UPS) is through APC Schneider Electric and is tested regularly by the control unit and serviced annually by the manufacturer.
- In the event of lengthy power interruptions, the emergency power supply (a diesel engine with 270 kVA output) takes over. The system is tested once a month by running it for 30 minutes, providing 80% of the energy required. Twice a year, the system is tested for 30 minutes at full load.
- Security is ensured 24/7, 365 days a year via CCTV cameras located in the entrance area both inside and outside as well as in the floor.
- A locking and electronic access system is installed which enables access to different areas.
- The building is protected by a fire alarm system with separate fire detectors in each area.
- Originally, the building was set up for civil defense, meaning it is very solid and earthquake-proof.
- All windows are highly protected.
Encrypted Data: TLS and SSL
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections above the transport layer, using asymmetric cryptography for privacy and a keyed message authentication code for message reliability. There are several versions of SSL, with Version SSL 3.1 being the same as TLS 1.0. The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. When you log in to Payment21®'s website, you will see in the URL something like https://www.Payment21.com/... (where the "s" after "http" denotes it is secure). The whole website uses the “https” protocol, which guarantees that any information passed over the Internet is processed safely, protecting users from man-in-the-middle attacks.
Bank Grade Security
Payment21® uses a two-step authentication and authorization process that is safer and more secure than authorizing credit or debit cards. The system processes transactions with bank-grade security.
Transaction security is based on masking. With Payment21®, none of the user’s banking information is publicly transferred, released, captured, copied or transcribed during a transaction. The servers are protected with firewalls and premium antivirus software.
Payment21®'s fraud prevention services include a multitude of simultaneous screening techniques. We offer one of the most comprehensive verification systems available today. To keep the return rate low, Payment21®’s risk management exercises strict rules, automatically blacklisting any fraudulent account or any account of users with suspicious activity. Many of the security features run invisibly in the background, providing customers with a smooth payment experience while discreetly separating the good from the bad:
- Device detection applies a set of business rules and velocity limits to determine whether the computer or phone used by the user is on the 'block list' of known bad devices.
- Blocking any transaction with a user who has Payment21®’s internal high-risk rating, with past 'decline' results or rejected transactions.
- IP filtering - this enables Payment21®’s system to link unrelated accounts and behavior to one source IP address and block use from unsupported or high-risk areas. It also helps to identify anonymous proxy IPs and transactional anomalies before they impact the business.
The bottom line is that Payment21®’s state-of-the-art fraud prevention solution monitors and rejects suspicious transactions before the payment ever reaches our backend application and consequently the banking network. To successfully manage risks, Payment21® acts as an intermediary for secure settlements on the one hand, and on the other hand functions as the doorkeeper for financial institutions, ensuring bank-grade security.