We have undertaken the highest level of PCI Compliance. This includes having an Annual Report on Compliance (RoC) completed by a Qualified Security Assessor (QSA), performing monthly network scans through an Approved Scan Vendor (ASV), and an annual Attestation of Compliance (AoC) form also completed by our QSA.
As part of this ongoing compliance program, our Qualified Security Assessor (QSA) conducts two external penetration tests (you can think of these like "ethical hacks'') on our platform each year. In addition, our software development process and change management systems include security planning as a fundamental part of our application development and maintenance lifecycle.
Here is a summary of some of our key security achievements:
- We have not experienced any security or data breaches on our platform to date.
- We have achieved 100% uptime since our launch in 2013.
- We use only industry best practices for card data security (all cards are tokenised - which means we don't store the full card number in our database).
- Cards are only ever charged after receiving a multi-factor authentication approval from an authorised user.
If you need any further assistance or have any questions, please email us or schedule a call by Clicking Here.