
Tokenization – PCI DSS, Encryption

How trusted is your technology?

Your team can run a demo of our API here. SDK.finance (established in 2013) offers a flexible, scalable and affordable core banking solution for banks and payment institutions of all sizes. It is a trusted technology partner for clients across 4 different continents. Experience in the payment market, backed by strong technology and C-level expertise, makes SDK.finance a decent choice for accomplishing business goals. SDK.finance is a core payment engine for transaction-related products:

  • Payments & loyalty back-end functionality in white-label
  • 300+ RESTful APIs, Swagger
  • 100,000,000+ transactions a month
  • Aggregation type of payment gateway
  • Designed for easy integration with any third party the client chooses (OAuth, KYC, AML, biometrics, etc.)
  • Core technology: Java Enterprise Edition, Enterprise Java Beans, JavaServer Faces, Java Web Framework and SQL DB (PostgreSQL or OracleDB)
  • Application server: Red Hat, WildFly
  • UI components: Angular 2, Oracle JET
  • Cutting-edge technology & high-quality QA procedures
  • Infrastructure: PCI-DSS-ready infrastructure on AWS

You can let us know what extra aspects should be considered during your project preparation.

When I mention tokenization, what kind of a system do you use? Is it PCI-DSS compliant?

With “tokenization”, cardholder data is kept in the card provider’s database; with “PCI-DSS”, you keep the cardholder data on your own server. So you need to choose which approach you want.
We’re a technical integrator of Wirecard, so this question can be discussed with them.
Our software was written according to strict security standards. It will allow you to easily pass a PCI DSS audit, and you can be sure that your customers’ card data is stored with maximum safety. All our clients have passed it easily with our software.

How secure are the “internal tokens” for processing mobile-to-mobile payments?

All interaction and data exchange is done over secure channels (VPN, SSH, HTTPS, etc.). Our software was written according to strict security standards. It will allow you to easily pass a PCI DSS audit, and you can be sure that your customers’ card data is stored with maximum safety.
High-quality testing procedures include:

Server-side testing procedures include:

  • External penetration tests with OWASP ZAP
  • Application firewalls (depending on the environment)
  • VPN for cross-server communications
  • Strong SSL & SHA for data encryption of network sessions for public services
  • Database encryption mechanism


Written by Alex Malyshev on Jan, 12, 2018

#FAQ #Security & Technology