Data Security
Data security is of enormous importance to us, and we take vital steps to safeguard your customers’ information
Level 1 PCI compliance
Our environment meets the highest industry standards and guidelines.
Level 1 PCI compliant
ReThink Pay Payis a validated Level 1 PCI DSS compliant service provider.
Industry recognition
We're on Visa's Global Compliant Provider & Mastercard’s SDP List
No prohibited data storage
We don't store raw magnetic stripe, card validation code, or PIN block data.
Data encryption via the ReThink Pay PayVault
Cardholder data is managed in the ReThink Pay Vault, using multiple encryption keys with split knowledge and dual control. A data thief would not be able to make use of information stolen from a database without also having the key. This data store cannot be connected to via the internet. We also offer secure data data migration to the ReThink Pay Vault.
Authentication and session management
We require users to authenticate every time they log into the Control Panel. Passwords are never stored directly in the database, and all API and Control Panel communication between merchants and ReThink Pay is conducted using TLS (Transport Layer Security).
Activity monitoring and testing
We review and observe employee, customer, and vendor activity to guard against suspicious or unauthorized activities. We conduct automated vulnerability scans at least quarterly, and at least once a year we have extended penetration testing conducted by outside sources.
Report a security issue and we will respond within 24 hours.
Any other questions? Contact us.
Get started with data security
Learn more about data security
Explore different aspects of risk and security and see the ways ReThink Pay Payhelps you protect your customers.
