Payment Card Industry (PCI) – Data Security Standards (DSS)
We take data and transactional security seriously and security is at the core of everything we do. The Payment Card Industry (PCI) has a set of standards called the Data Security Standards (DSS). It is a mandatory compliance standard for all payment service providers, and we are certified every year to ensure our standards remain world-class.
PCI requires the highest levels of security in all areas where cardholder data is transmitted and stored. As such, we have created a multi-layered, secure payment gateway, mirrored and housed within a world-class facility at Link Bermuda.
Data is encrypted as per our PCI requirements, and intrusion detection, responses, and systems monitoring go hand-in-hand with formalized security policies.
Critical servers are monitored round-the-clock via a sequence of advanced, automated alerts. We have support staff on call 24/7/365 to receive these alerts and respond within a 15-30 minute time period.
The cGate® Secure suite of products is designed to transmit all transaction data safely and securely over the Internet. All data exchanged between the cGate® Secure “client” solutions on the merchant server and our servers is encrypted.
In addition to TLS 1.2 security, a hash signature is required with each transaction. The SHA256 hash is a security feature that enables FAC to authenticate that a transaction is from the merchant concerned, and to verify the integrity of the data received in a transaction request.
If you would like to see a copy of our PCI certificate, please view it here: PCI-DSS-v3_2_1-AOC-FAC_2020