We have undertaken the highest level of PCI Compliance. This includes having an Annual Report on Compliance (RoC) completed by a Qualified Security Assessor (QSA), performing monthly network scans through an Approved Scan Vendor (ASV), and an annual Attestation of Compliance (AoC) form also completed by our QSA.
As part of this ongoing compliance program, our Qualified Security Assessor (QSA) conducts two external penetration tests (you can think of these like "ethical hacks'') on our platform each year. In addition, our software development process and change management systems include security planning as a fundamental part of our application development and maintenance lifecycle.
Here is a summary of some of our key security achievements:
- We have not experienced any security or data breaches on our platforms to date.
- We have achieved 100% uptime since our launch in 2013.
- We use only industry best practices for card data security (all cards are tokenised - which means we don't store the full card number in our database).