At Nodus Technologies, we take security very seriously. Please review our protocol for maintaining security and reach out to us if you have any questions.
PayFabric is PCI Service Provider Level 1 certified. This is the highest level of security for the payments industry which requires the best-in-class security practices to achieve. To view all of PayFabric’s validations, please visit: https://www.payfabric.com/us/pci.html
PayFabric uses the latest TLS (Transport Layer Security) protocol on all of its communications over the cloud and regularly audits its security methods.
The PCI Council and the IT industry have revamped the process of encryption key management because the encryption algorithms, such as AES and Triple DES, are public and readily available to any attacker. The encryption key is the last defense.
PayFabric undertook the challenge and implemented its own state of the art storage algorithm in addition to following the PCI guidelines’ use of public encryption methods. This further enhances current compliance standards with added security so that even breaking the cryptographic protections would not allow the data to be reconstructed.
If you believe that you have discovered a bug or break in the security of PayFabric, please contact us immediately at firstname.lastname@example.org. We take all security issues very seriously and will respond to you as soon as possible. We request that you do not publicly disclose any issues with PayFabric until we have properly addressed it.
To maintain PCI compliance for the communications between your customers and your server, follow the recommended best practices below.
The Payment Card Industry Data Security Standards, or PCI DSS, are the requirements and regulations that every merchant who is processing, storing, or transmitting credit card data must follow. PayFabric makes it easy for merchants to set up a fully PCI-Compliant integration by following the steps below:
Using PayFabric hosted checkout pages and securing your payment pages over TLS will help you reduce the complexity of maintaining PCI Compliance. If you are storing and/or transmitting credit card data through your own servers, you will be responsible for implementing additional PCI DSS guidelines.
HTTP is the communication protocol which transmits data between two end-points, such as between your clients/server and PayFabric. When HTTP communication is secured by an encryption protocol, it is known as HTTPS. In the past, the HTTP communication was secured and encrypted through SSL, or Secure Sockets Layer, protocol. With the increase in security, vulnerabilities were found within the SSL encryption protocol and it has now been replaced with TLS (Transport Layer Security).
From the customer’s perspective, internet users feel more secure when they can visibly see the HTTPS in the link. In addition, HTTPS ensures that the domain owner and the server owner are the same, ensuring that there is no “man-in-the-middle” trying to steal information.
To start using TLS, you will need to make sure your systems that are running the application that is connecting to PayFabric have TLS enabled.
Information like card type, the last four digits of the credit card and its expiration date is considered non-sensitive information and therefore not subject to PCI compliance. This information can be stored inside your database without interference to your compliance with PCI.
If you have any questions or concerns, please reach out to us at email@example.com. For additional information, please visit the following websites:
National Institute of Standards and Technology: http://csrc.nist.gov/