Payments security 101: Why payment platforms need to be (at least) PCI compliant | Reap


Payment-related products should be held to a higher standard for security and privacy than most other online applications. Let’s be honest: you’d probably be more upset if you weren’t paid on time than if you lost your high score on Candy Crush.


Payment compliance standards are typically administered by a combination of local monetary authorities (like the HKMA in Hong Kong and MAS in Singapore) and global security councils (like the PCI Security Standards Council). In case it’s helpful, we wanted to provide a bit more background on the type of security measures platforms like Reap have to go through in order to confidently facilitate online payments, keep your data secure and ultimately garner.

Anyone involved with the processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standard (PCI DSS). Platforms like Reap, Shopify and Uber have securely integrated with a global payment processor that has gone through an assessment by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry and is typically conducted on banks and other financial institutions. These security standards include several important requirements. A few examples are listed below:

  • Implementation of control measures
  • Implementation of data security policy
  • Maintaining a safe network
  • Infrastructure that protects cardholders’ Personally Identifiable Information (PII)
  • Regular testing and monitoring of the network
  • System vulnerability testing

Separately, businesses that adhere to these PCI standards must demonstrate that they can maintain these standards through regular onsite reviews and scans performed by data security and/or cyber security companies.

Why does it matter?

The main goal of PCI compliance is to ensure that all systems involved in processing credit cards are standardized and secure. More importantly, it ensures that those who do not comply are fined and have their processing capabilities taken away. This provides an additional layer of trust when cardholders pass their sensitive credit card details to businesses that comply with PCI standards. PCI compliance can bring in more clients, as customers’ trust rises when they know that the company has taken every measure necessary to protect their personal information.

Reap immensely values trust, security and transparency — if you’d like a bit more information on how security at Reap works, click here.