Security

  • Since its inception, PayGo Billing has provided built-in security features including full-strength cryptography for sensitive data encryption, secure communications support, and an internal IP filtering/firewall facility. It is our intention to provide the highest level of security for our clients and their customers.

    Data Replacement (“Tokenization”)

    PayGo Billing supports Data Replacement (“Tokenization”) Technologies. The use of data “tokens” as a substitute for sensitive cardholder data has achieved widespread acceptance among merchants seeking to minimize or eliminate cardholder data in their information processing systems. In response to the many different “tokenization” solutions offered by the myriad of competing vendors, the PCI Security Standards Council has issued an Informational Supplement entitled “PCI DSS Tokenization Guidelines” to provide guidance for payment industry stakeholders when developing, evaluating, or implementing data replacement technologies.

    PA-DSS Validation

    PayGo Billing is validated by the PCI Security Standards Council and has been PA-DSS audited multiple times by IBM Internet Security Systems (our PA-QSA certified auditor). These validations are accepted by all Card Brands, Processors and Acquirers.

    PCI Data Security Standard

    The Payment Card Industry (PCI) Data Security Standard is the result of a collaboration between all major card brands, such as Visa and MasterCard. Designed to create common industry security requirements that include the original CISP conditions, this criterion is mandated by the newly formed PCI Security Standards Council, and consists of the following stipulations:

    Build and Maintain a Secure Network
    Protect Cardholder Data
    Maintain a Vulnerability Management Program
    Implement Strong Access Control Measures
    Regularly Monitor and Test Networks
    Maintain an Information Security Policy

    PayGo Billing manages these requirements so you, the client, do not need to worry about them.

    About the PCI SSC:

    “A Limited Liability Corporation (LLC) chartered in Delaware, USA, the PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. All five payment brands share equally in the council’s governance, have equal input to the PCI Security Standards Council and share responsibility for carrying out the work of the organization.”

    PA-DSS / PABP

    The goal of the Payment Application Best Practices (PABP) and Payment Application Data Security Standard (PA-DSS) program is to help software vendors create secure payment applications. The voluntary PABP program was formally retired on October 1st 2008 and was replaced by the mandatory PA-DSS program run by the PCI Security Standards Council. In both programs, to be considered secure, these applications cannot retain full magnetic stripe data or CVV2 data and must support a merchant’s ability to comply with PCI-DSS requirements.