Safety features we apply to payment cards data
Safety of payment cards is one of the top priorities in GoPay. We apply the latest security standards and technologies that are in compliance with the PCI DSS Level 1 standard.
1. Storing
We only store payment cards with a proven approach of the owner. This is always combined with a mobile phone number and e-mail address.
2. Encryption
We always store payment card data using the latest encryption techniques. We use a series of encryption keys stored on separate physical servers. Data storage is on a separate network that is not connected to the internet.
3. Safety code
We never store a payment card security code located on a back side of a card known as CAV2, CID, CVC2, CVV2. In addition we irregularly require a security code of all stored payment cards to enhance a safety standard.
4. SMS login
To access a payment card on our payment gateway it is necessary to login via cardholder’s registered mobile phone. Distribution of one-time SMS code is sent when login is requested and is valid at that particular moment only.
5. 3D Secure
We use 3D Secure security to increase a total security of payment card access. Self control of MPI component that communicates with VISA and MasterCard, allows us to freely activate this protection according to the amount of the payment or other safety rules.
6. SSL communication
All communication between the merchant and our payment gateway is encrypted by 128-bit SSL certificate.
7. Logging activities
We store all information about a payment card, incl. its using and editing. The security method of logged information is resistant to unwanted changes or manipulations.
8. Penetration tests
Our system is a subject to regular safety tests that simulate how the system can be affected. All tests are conducted by an independent authority.
9. Secure environment
Our network topology was designed with minimal access to surrounding networks. We only allow VPN access from authorized IP addresses. On a regular basis we update each individual server.