Card Encrypted AES

All card numbers are encrypted at rest with AES-256

What is Credit Card Encryption?
Credit card encryption is a security measure intended to reduce the likelihood of credit card information being stolen and used in fraudulent transactions. Credit card encryption involves multiple stages of a transaction, starting with encryption features on the card itself.

Sensitive data and communication encryption
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Payske’s internal servers and daemons can obtain plain text card numbers but can request that cards are sent to a service provider on a static allowlist. Payske’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Payske’s primary services including our API and website.

Learn how Payske handles security.

Payske Meets the Highest Level PCI DSS Level 1 Compliance. Payske has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.

Process the cards without having to warehouse the sensitive card data and be responsible for it with our PCI-DSS Level 1 architecture and tokenization APIs.
Our redundant data centers store and encrypt millions of credit card accounts so you can focus on your business and not on credit card security.
The Payment Card Industry Data Security Standard was developed to protect consumers and their data no matter where they shop or what channel they use. Careless online merchants can ruin the trust that a consumer requires to feel comfortable and confident shopping online.

HTTPS and HSTS for secure connections
Payske forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard to ensure secure connections:
Payske.js is served only over TLS.
Payske’s official libraries connect to Payske’s servers over TLS and verify TLS certificates on each connection.

We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure that browsers interact with Payske only over HTTPS. Payske is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.

What is PCI DSS compliance?
“PCI DSS compliance” is a term that frequently appears in the payments industry. While PCI DSS compliance is complex, it’s important to understand—especially in the context of accepting payments and building payment pages. “PCI DSS” stands for “Payment Card Industry Data Security Standard.” PCI is an organization that runs the PCI Security Standards Council, which was formed in 2006 by Visa, American Express, Discover, JCB International, and Mastercard to create a shared set of standards for keeping card payments secure.

For a business to remain in compliance with PCI DSS, it must meet certain requirements. These requirements are grouped into levels, depending on the volume of transactions the business handles each year:

Level 1: Businesses that process more than 6 million card transactions per year.
Level 2: Businesses that process more than 1 million transactions, up to 6 million transactions per year.
Level 3: Businesses that process 20,000 to 1 million transactions per year.
Level 4: Businesses that process fewer than 20,000 transactions per year.

The full list of PCI requirements is long and regularly updated. It mandates that payment hosts do everything possible to safeguard cardholder data, including:

Maintaining a firewall to protect cardholder data.
Encrypting the transmission of card data.
Limiting who has access to stored data.
Protecting all systems against malware and keeping antivirus software up-to-date.

Here’s a link to the most recent PCI DSS.

These rigorous standards are a big reason why so many online businesses prefer to use hosted payment pages. Maintaining PCI DSS compliance is a heavy lift, but it’s very important. For most businesses, it’s simpler to choose a hosted payment page and avoid worrying about keeping a homegrown payments system compliant.

PCI DSS compliance involves three main components:
Handling the ingress of credit card data from customers; namely, that sensitive card details are -collected and transmitted securely
Storing data securely, which is outlined in the 12 security domains of the PCI standard, such as encryption, ongoing monitoring, and security testing of access to card data
Validating annually that the required security controls are in place, which can include forms, questionnaires, external vulnerability scanning services, and third-party audits

Built securely from the ground up we use a wide range of technologies to ensure high levels of security throughout the whole site.

All communications are secured using strong encryption
Cross Site Request Forgery (CSRF) Protection
Advanced DDoS Attack Protection
Encryption of sensitive data and communication
PCI DSS compliant
Fully GDPR compliant

Payske is the safest financial option because we:
Adhere to international standards: We strive to apply international standards professionally and have many quality certificates in the application of these standards.
We have secure and reliable Internet servers that guarantee the protection of customer information.
Secure 256 bit Gateway Encryption Certificate: Application of the PCI DSS standard to control the data of credit card holders and reduce fraud.