
Tokenization – PCI DSS, Encryption

Alex Malyshev


How trusted is your technology?

SDK.finance (established in 2013) offers a flexible, scalable and affordable core banking solution for banks and payment institutions of all sizes. It is a trusted technology partner for clients across 4 different continents. Experience in the payment market, backed by strong technology and C-level expertise, makes SDK.finance a decent choice for accomplishing business goals. SDK.finance is a core payment engine for transaction-related products:

  • Payments & loyalty back-end functionality in white-label
  • 300+ RESTful APIs, Swagger
  • 100,000,000+ transactions a month
  • Aggregation type of payment gateway
  • Designed especially for the easiest integration with 3rd party vendors the client likes (OAuth, KYC, AML, Biometrics, etc.)
  • Core Technology: Java Enterprise Edition, Enterprise Java Beans, Java Server Faces, Java Web Framework and SQL DB (PostgreSQL or OracleDB)
  • Application Server: Red Hat, WildFly
  • UI Components: Angular 2, Oracle JET
  • Cutting-edge technology & high-quality QA procedures
  • Infrastructure: PCI-DSS ready infrastructure on AWS

You can let us know what extra aspects should be considered during your project preparation.

When I mention tokenization, what kind of a system do you use? Is it PCI-DSS compliant?  

“Tokenization” means that cardholder data will be kept in the card provider’s database, while “PCI-DSS” means that you’ll keep the cardholder data on your own server. So you need to choose which approach you want.
We’re a technical integrator of Wirecard, so this question can be discussed with them.
Our software was written according to strict security standards. It will allow you to easily pass a PCI DSS audit, and you can be sure that your customers’ card data is stored with maximum safety. All our clients have easily got it with our software.

How secure are the “internal tokens” for processing mobile-to-mobile payments?

All interaction and data exchange will be done over secure channels (VPN, SSH, HTTPS, etc.). Our software was written according to strict security standards. It will allow you to easily pass a PCI DSS audit, and you can be sure that your customers’ card data is stored with maximum safety.
High-quality testing procedures include:

  • Arquillian and JUnit tests
  • SonarQube, Upsource, FindBugs, LAPSE+
  • Application Monitoring + Infrastructure monitoring
  • Integration tests + Functional tests
  • Open Web Application Security Project (“OWASP”)

Server’s side testing procedures include:

  • External penetration tests with OWASP ZAP
  • Application Firewalls (depends on Environment)
  • VPN for cross-servers communications
  • Strong SSL & SHA – for data encryption of network sessions for public services
  • Database encryption mechanism

About us 

SDK.finance has a proven track record of providing financial services companies with the core banking functionality that they need, using its secure, robust, and configurable banking platform as a one-stop-shop solution.
