Platform security

Paymentology is PCI-DSS Level 1 compliant. This is the most stringent level of certification available in the payments industry. Adhering to the PCI-DSS standard, Paymentology ensures that its Information Security Policy is reviewed annually and updated where necessary.

Security features

In Banking.Live, we use best-in-class security tools and practices, including but not limited to the following:

SSL encryption in web services

PayAPI serves HTTPS connections by default. Each connection is protected and authenticated by TLS with public-key certificates (PKI): Banking.Live verifies every API call against the caller's client certificate, i.e. mutual TLS.

FAST specification

FAST is a communications protocol that facilitates secure Authorisation and Settlement of transactions. Read more about the FAST specification in the guides.

Dynamic wiping of RAM

Banking.Live uses dynamic RAM overwrite (DRO) to reduce the risk of malware reading residual card data from RAM.

HSM

Paymentology uses physical Thales 10K and Utimaco PaymentServer HSMs for Enterprise client environments.

PCI 3.2 by design

Banking.Live is built from the ground up to achieve PCI-DSS 3.2.

Maker/checker system

Paymentology employs a maker/checker system to approve changes to the program: one user proposes a change (the maker) and a second, separate user must approve it (the checker) before it takes effect.

Dynamic CVV generation

The CVV is not stored persistently; it is cryptographically computed on demand, verified, and then destroyed.

Total key isolation from database

A patented key store (PayKey) keeps keys fully isolated from the database and supports more complex and secure key exchanges between networks, card manufacturers, and issuers.

TLS 1.2 end-to-end

Paymentology applies end-to-end encryption using mutual TLS (mTLS).

Two-factor authentication

Two-factor authentication (2FA) is mandatory for all components, which makes the overall system more secure.

Additional security features:

  • Web services are provisioned to be replay-attack proof
  • Web services are provisioned to be man-in-the-middle proof
  • Card numbers are neither stored nor used during processing; they are replaced with internal tokens, which protects card numbers from being stolen or misused.
  • ISO 27001 certified.
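The tokenisation approach in the third point above, shown as an added illustration that is not Paymentology's or Banking.Live's code: a hypothetical TokenVault holds the card-number-to-token mapping behind its own trust boundary, the processing tier accepts only tokens and refuses anything shaped like a card number, and a keyed fingerprint (standing in for an HSM-held key) lets the same card map to the same token without keeping a searchable index of raw card numbers. The class and function names, the key and the test card number 4111111111111111 are all constructed for this example.

```python
"""Hypothetical PAN tokenisation (added example, not Paymentology/Banking.Live code)."""
import hashlib
import hmac
import re
import secrets

# A PAN is 13 to 19 digits; tokens are deliberately given a different shape.
PAN_RE = re.compile(r"^\d{13,19}$")


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit validation, so obviously malformed input is rejected early."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Holds the PAN <-> token mapping inside its own trust boundary.

    Only this class ever touches a PAN. The fingerprint key stands in for a
    key that would be held in an HSM: it lets the vault recognise a card it has
    already tokenised without storing the PAN in a searchable index.
    """

    def __init__(self, fingerprint_key: bytes):
        self._key = fingerprint_key
        # Constructed stand-in for encrypted vault storage; a real vault would
        # keep this under an HSM-protected data key, never in plaintext.
        self._pan_by_token: dict[str, str] = {}
        self._token_by_fp: dict[str, str] = {}

    def _fingerprint(self, pan: str) -> str:
        return hmac.new(self._key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        """Return the stable token for a PAN, creating one on first sight."""
        if not PAN_RE.match(pan) or not luhn_valid(pan):
            raise ValueError("not a well-formed PAN")
        fp = self._fingerprint(pan)
        token = self._token_by_fp.get(fp)
        if token is None:
            # The token is random: it carries no information about the PAN and
            # its "tok_" prefix means it can never be mistaken for one.
            token = "tok_" + secrets.token_hex(16)
            self._token_by_fp[fp] = token
            self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the narrow component that must speak to the card network calls this."""
        return self._pan_by_token[token]


def masked(pan: str) -> str:
    """Display form that keeps only BIN and last four, as shown to support staff."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def process_transaction(token: str, amount_minor: int) -> dict:
    """Processing tier: works on tokens only and refuses anything that looks like a PAN."""
    if PAN_RE.match(token) or not token.startswith("tok_"):
        raise ValueError("processing tier accepts tokens only")
    return {"token": token, "amount_minor": amount_minor, "status": "queued"}


if __name__ == "__main__":
    vault = TokenVault(b"constructed-example-key")
    tok = vault.tokenize("4111111111111111")
    print(masked(vault.detokenize(tok)), process_transaction(tok, 1999))
```

The design choice worth noting is the separation of duties: everything between the edge that receives a card number and the component that must present it to the network works with tokens alone, so a compromise of the processing tier or its database yields only random identifiers.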