Have peace of mind knowing that your business is protected with Bankful. We go above and beyond to ensure the security of our payment gateway systems, providing you and your merchants with confidence in safe transactions.
PCI DSS Level 1 Compliance Guaranteed
Bankful is PCI DSS Level 1. Our security is independently assessed annually to guarantee that we uphold the highest level of certification and PCI standards. Our AoC is available upon request.
Disaster Recovery
Bankful’s network is designed to withstand both local and global events, with multiple data centers located in North America, the UK, and Europe. Our infrastructure is engineered to eliminate single points of failure, ensuring continuous service. We only partner with service providers who have at least two physical fiber entry points into our data centers, as well as diverse and multiple paths into their own core networks.
High Availability
Our availability is checked from locations worldwide every five minutes or less, and our infrastructure is monitored 24/7 to alert our engineers to potential problems.
Penetration Testing
We are constantly testing our systems for security. We perform rigorous automated vulnerability scans several times a month on both our internet-facing and internal infrastructure, and a team of in-house experts and independent third parties conduct intensive penetration testing routinely.
Restricted Access
We use segmented networks to limit communication between specific servers, and access between network segments is strictly controlled by robust firewall rules.
Vulnerability Management
All internet-facing and internal infrastructure is updated immediately when security patches are released by the vendor.
DDoS Mitigation
We utilize a leading third-party DDoS mitigation solution that effectively scrubs malicious internet traffic as needed.
GDPR Compliance
We adhere to the European General Data Protection Regulations (GDPR) by implementing stringent measures for safeguarding cardholder data. This ensures the protection and privacy of all personal information. We consistently evaluate the accuracy of in-scope data and the effectiveness of controls put in place to secure it.