Data Security is Our Top Priority
Constellation Payments is committed to delivering the gold standard in credit card data security. From achieving Level One Payment Card Industry (PCI) compliance certification, to employing state-of-the-art tokenization technology, each measure is purposefully taken to provide the highest level of security, and reduce risk and liability for our customers and partners.
We take data security very seriously … following the most rigorous payment card security standards in everything that we do. We wouldn’t have it any other way.
The Highest Level of PCI Compliance to Protect Your Customer Data
Delivering the absolute best in data security is extremely important to us, which is why we undergo systematic, recurring audits to re-validate our Level One PCI certification. Level One is the highest level of PCI compliance and carries the most stringent certification requirements.
Trustwave, the leading provider of on-demand security and payment card industry compliance and a Qualified Security Assessor (QSA) registered with the PCI Security Standards Council, performs the PCI-DSS reviews. Constellation Payments demonstrates compliance through comprehensive on-site audits of our headquarters, as well as through off-site audits of our production environment hosted by Xand.
Audits include recurring network security scans, system penetration testing, and a full review of our systems, processes, and documented policies and procedures.
Data Center Security & Redundancy
Nothing is more important to us than delivering the highest level of security, reliability and support to our customers. That is why we continually invest in a state-of-the-art infrastructure that adheres to the most rigorous standards and best practices for unrivaled uptime and airtight security.
Core components of our infrastructure include:
- Multiple, active data centers that are fully redundant with real-time synchronization. If one data center encounters a problem, traffic is directed to the other data center to avoid transaction interruption. This architecture provides immediate failover capability and maximum uptime.
- Regularly scheduled system vulnerability and penetration testing
Advanced Tokenization for the Absolute Best Security
Our tokenization technology eliminates the need to ever store credit card numbers.
What is Tokenization?
Tokenization is the process of taking a customer's credit card number, storing it in a highly-secure encryption appliance and then replacing it with a surrogate value known as a "token". The payment system can then use this token value when processing payments as a way to retrieve the customer's credit card number. The token itself is not a sensitive piece of data and can be stored in an external system and used in future transactions in lieu of the credit card number.
How it works:
Our tokenization technology employs state-of-the-art encryption utilizing a multiple authority architecture, public-key cryptography and a FIPS 140-2 Level 3 certified Hardware Security Module to store private keys. All of this guarantees the absolute best security and protection for your primary account number (PAN) data.
To illustrate this, let's walk through a real-world scenario of how tokenization works.
- John Doe approaches a merchant's website and purchases an item.
- At the time of purchase, he enters his credit card number: 4123-4567-8901-2345
- The credit card number is sent to the highly-secure encryption appliance and stored.
- A "token" is then returned from the encryption appliance. For our example, let's assume the token value is: VC84632147254611111111
- The payment is processed in the credit card payment network.
- A response is sent to the website which includes the new token value that was created.
- The website would now store this token value. The token value itself is able to tell the customer the type of credit card and last four digits.
- For future purchases, the customer could select his or her payment method from the token.
These purchases would then send over the token value and processing would work against the original credit card number entered.
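The flow above in Python, as an added example that is not Constellation Payments' code. The `TokenVault` class, its method names and the token layout (two-letter brand code, 16 random digits, last four digits of the PAN) are assumptions, and the in-memory dict stands in for the HSM-backed encrypted store.

```python
import secrets

# Assumed brand codes keyed by the PAN's first digit; the page's sample token
# begins with "VC" but its format is not documented, so this layout is a guess.
BRAND_CODES = {"3": "AX", "4": "VC", "5": "MC", "6": "DC"}


class TokenVault:
    """Stand-in for the encryption appliance: the only component holding PANs."""

    def __init__(self):
        # token -> PAN. A real appliance stores this encrypted under HSM-held keys.
        self._pans = {}

    def tokenize(self, pan):
        digits = pan.replace("-", "").replace(" ", "")
        if not digits.isdigit() or not 13 <= len(digits) <= 19:
            raise ValueError("not a card number")
        brand = BRAND_CODES.get(digits[0], "XX")
        while True:
            # The middle is random, not derived from the PAN, so a token cannot
            # be reversed without a vault lookup. Retry on the rare collision.
            body = "".join(secrets.choice("0123456789") for _ in range(16))
            token = brand + body + digits[-4:]
            if token not in self._pans:
                break
        self._pans[token] = digits
        return token

    def charge(self, token, amount_cents):
        """Processor side: resolve the token internally; the PAN never leaves."""
        pan = self._pans.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        # A real processor would submit `pan` to the card network here.
        return {"approved": True, "amount_cents": amount_cents, "token": token}


def describe(token):
    """What the merchant can show the customer from the token alone."""
    return {"brand": token[:2], "last4": token[-4:]}


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("4123-4567-8901-2345")   # first purchase (page's sample PAN)
    merchant_db = {"john.doe": token}               # the website stores only the token
    print(describe(merchant_db["john.doe"]))        # card type and last four digits
    print(vault.charge(merchant_db["john.doe"], 1999))  # repeat purchase by token
```

Tokenizing the same card twice yields two different tokens, so a token leaked from one merchant record cannot be matched to the PAN or to another record without access to the vault.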