We're obsessed with Security.
Nothing is as important to us as our customers’ security.
PiPay is PCI-DSS Compliant.
PiPay systems have been built from the ground up with security in mind: hardened servers, point-to-point enterprise-level data encryption, secure communication pathways and multi-layered firewall security. All of our systems are PCI and EMV compliant wherever applicable.
WHAT IS PCI-DSS?
PCI-DSS stands for Payment Card Industry Data Security Standards. It’s a set of rules and guidelines that ensures consumers are protected when using credit cards online.
Install and maintain a firewall configuration to protect cardholder data.
All cardholder information is stored in database servers behind a configured firewall. Furthermore, an extra layer of security is provided by routing all traffic requests via specialised third-party vendors whose sole job it is to track incoming traffic for potential threats.
Do not use vendor-supplied defaults for system passwords and other security parameters.
The Pi Pay App is a FREE application. Simply download it to your mobile phone and you immediately become a Pi Pay user.
Protect stored cardholder data.
Cardholder data is encrypted with a unique encryption key. This key has been randomly generated using an RNG (Random Number Generator) and is kept in a secure location.
Encrypt transmission of cardholder data across open, public networks.
Cardholder data is encrypted using 256-bit AES (Advanced Encryption Standard). This is the same level of encryption used by banks, and has been approved by the US Secretary of Commerce for use in the US Federal Government.
Use and regularly update anti-virus software.
Our servers are scanned automatically at regular intervals with industry-leading software. We also employ third-party vendors to test our systems on a yearly basis.
Develop and maintain secure systems and applications.
Our software development is handled exclusively by experienced technical engineers who have a track record of building and deploying PCI-DSS compliant applications.
Restrict access to cardholder data by business need-to-know.
Nobody in Pi Pay has access to a cardholder’s card data, with the exception of the last four digits of the card number. To be able to view these details, a case needs to be made with our security partners, who will then be able to release only the information required.
Assign a unique ID to each person with computer access.
Not only do we assign a unique ID to each user in our system, but each individual action of each user is tracked, and these actions are stored in logs that are not editable by anyone in the company. These logs are used by both internal and external auditors to make sure that all security measures are being upheld.
Restrict physical access to cardholder data.
Cardholder data is not kept on-premises, but in secure enterprise-level Tier 3+ 2N data centers that are surrounded by 3m-high security fencing and have biometric access control, card access proximity readers on all doors, and biometric entry controls.
Track and monitor all access to network resources and cardholder data.
All access to network resources and cardholder data is logged in separate locations with limited access. These logs are reviewed regularly by both automated systems and human auditors for suspicious activity.
Regularly test security systems and processes.
Pi Pay has yearly full-system security reviews by third-party solution partners, and employs a system of managed clustered servers that are constantly kept up to date with the latest security patches, as and when they are released.
Maintain a policy that addresses information security.
Pi Pay is currently creating a publicly available information security policy to inform cardholders of how their card details are protected.