GetDocPay Member Protection
Security is of utmost importance in processing online payment transactions. Therefore we have put security at the center of everything we do.
Our payment gateway is fully compliant with PCI DSS 3.2, the key security standard within the payments industry, and is certified as a Level 1 Service Provider.
It is regularly assessed for PCI DSS Compliance by Trustwave, a QSA for the Payment Card Industry Security Standards Council.
PCI DSS is a generic protocol that covers the entire cardholder data ecosystem and addresses the security of payment applications. PA DSS takes data security to the next level and validates data security for specific applications that are sold to, or provide services to, third parties.
Items that are typically included in the scope of PA DSS are:
The applications that are certified under PA DSS are the:
GetDocPay enforces the use of HTTPS for all services using TLS (SSL). This includes the following:
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support.
GetDocPay encrypts all card numbers internally using AES encryption. Card numbers and other sensitive data are stored, decrypted, and processed in an environment separate from the rest of the infrastructure (e.g. API, websites).
Our payment gateway applies anti-DDoS solutions on all payment services and uses HSM for secure key management.
GetDocPay uses an integrated fraud protection engine to detect and track fraudulent payments in real time. We use the 3-D Secure protocol in its various iterations, such as Verified by Visa, MasterCard SecureCode and J/Secure, to ensure that you are protected from fraud.