Security + PCI Compliance
Security is at the core of everything we do. Our payment systems exceed industry security standards — and we strive to keep up to date on emerging threats and changes in data security standards.
Rest assured, your business is in safe hands
NiftyPay goes above and beyond to make sure our systems are secure. Get the confidence of knowing that you, your merchants and their customers can transact safely.
PCI DSS Level 1 compliance
NiftyPay and our backend partners have continuously maintained PCI DSS Level 1 certification and compliance since 2005. Our partners are audited annually by independent security assessors to ensure we’re adhering to the industry’s highest level of certification and PCI standards.
NiftyPay is built to withstand local and global events. Our processing backend has a number of data centers in North America, the UK and Europe. Our infrastructure is carefully designed to avoid single points of failure, allowing for continuous service and unrivaled survivability. We only use service providers that maintain at least two physical fiber entry points into our data centers, plus diverse and multiple paths into their own core networks.
We’re committed to providing the highest availability so you don’t have to deal with lost sales due to payment processing outages. That means we don’t just troubleshoot errors when they happen: we aim to detect and resolve issues before they impact transaction processing. Availability from points all over the world is checked every five minutes or less, and the entire backend infrastructure is monitored around the clock to alert our engineers of potential trouble.
Our backend systems are constantly tested to ensure they’re secure. Rigorous automated vulnerability scans are performed several times a month on both the internet-facing and internal infrastructure. A team of on-staff experts and independent third parties also perform intensive penetration testing every six months.
The backend processing network has been built with minimal access to outside networks and the internet. Internally, a series of highly segmented networks are used so only specific servers can communicate with each other. Access between network segments is highly restricted by robust firewall rules.
All internet-facing and internal infrastructure is updated as soon as security patches are made available by the vendor.
Distributed Denial of Service mitigation
Our payment processing systems use a leading third-party DDoS mitigator that quickly scrubs malicious internet traffic when needed.
The NiftyPay backend uses rigorous cardholder data security measures to comply with the European General Data Protection Regulation (GDPR), maintaining the integrity and confidentiality of all personally identifiable data. It is also regularly checked to ensure that in-scope data is current and that the controls protecting it are working.