There is no ‘bulletproof’ payments security

Security is a topic that is never far from the headlines in payments. There were multiple high-profile data breaches at major US corporations in 2014, and these have continued into the first quarter in 2015 with Anthem and Premera Blue Cross. Although security measures are evolving in the wake of these corporate hacks, cybercrime is constantly evolving too, so there really is no ‘magic bullet’ for payments security.

Evolution of fraud, account takeovers, tokenization, authentication, PCI compliance, network security, and mobile fraud… these are just some of the issues that feature prominently in the educational tracks. And of course, there is the imminent migration to EMV in the US, which is expected to drive payment card fraud attempts into card not present transactions. When the UK converted to chip credit cards in the mid-2000s, Card not present fraud increased by more than 350% in the subsequent eight years. No wonder then, that EMV is igniting plenty of discussion about fraud and security in the US.

As a payment technology partner, security is also the backbone upon which our platform is built. Earlier, we mentioned that from our perspective, resilience is the umbrella term for availability, security, scalability, and sustainability. Offering the highest payments security standards at all times is an essential part of what we provide to our partners.

Two active redundant data centers, ensure highest 99.99% availability for our partners, but these data centers also guarantee industry-best security. Traffic is “scrubbed” as it enters the data centers, so that any malicious traffic containing vulnerabilities and exploits is removed before it enters the main system. Additionally, an intrusion detection system includes firewalls and antivirus protection. Physical security is ensured through a multi-layered system that includes biometrics and video surveillance. These measures are crucial, as social engineering – psychological manipulation to gain access to information – cannot be overlooked by businesses that are handling sensitive data.

Within our own organization, we employ the ‘four eyes principle’, which means that two technicians are always required in order to change anything on the live system. One administrator alone cannot do anything. Archive and audit logs record all activity in the system, and cannot be altered, which means that if administrators change anything, or if a hacker attempts to access the system, it is recorded in the logs and cannot be edited. As a measure to ensure that we is always employe industry best-practice, full time security engineers are an integral part of our IT Operations and Software Developments teams.

Payments security backed by full PCI Certification

Our security efforts are also guided by the PCI Security Standards Council, and we have been PCI DSS Level 1 Certified since 2005. Of course, PCI should be considered baseline, not failsafe, and we have clients that have security requirements that are higher than those outlined in PCI DSS. As a result, we deliver industry-best security standards, beyond what is required for compliance. Through our Level 1 Certification, our partners can be assured they are processing in a PCI-compliant environment at all times. Our modular gateway solutions account for the updates outlined in PCI DSS 3.1, and will continue to be updated in line with future revisions to PCI DSS.

Outsourcing payment infrastructure to AllSecure gives payments businesses peace of mind that they are processing in a secure and open compliant environment, and that their payment processing technology is always a market leader. We speak with many Acquirers that are finding that their legacy systems and older gateways simply do not meet the high expectations that merchants now have when it comes to payments security. High-profile data breaches have led to increased awareness of data protection and security, and combined with an accelerating rate of change in payment technology, some Acquirers are finding it difficult to keep up. AllSecure gives these businesses the ability to outsource payment processes and offer their global clients the highest level of payment security, without incurring significant development and infrastructure costs.

Contact sales[at]allsecure.eu to speak to one of our payment experts about our how our gateway solutions and extensive global payment network can benefit your business.