Skip to content
Home » Blog » Is Bankful PCI Compliant?

Is Bankful PCI Compliant?

  • by

Certifications

Have peace of mind knowing that your business is protected with Bankful. We go above and beyond to ensure the security of our payment gateway systems, providing you and your merchants with confidence in safe transactions.

PCI DSS Level 1 Compliance Guaranteed

Bankful is PCI DSS Level 1. Our security is independently assessed annually to guarantee that we uphold the highest level of certification and PCI standards. Our Attestation of Compliance (AoC) is available upon request.

Disaster Recovery

Bankful’s network is designed to withstand both local and global events, with multiple data centers located in North America, the UK, and Europe.

  • Infrastructure is engineered to eliminate single points of failure.
  • Continuous service is ensured through redundant systems.
  • All service providers have at least two physical fiber entry points into our data centers, plus diverse and multiple paths into their own core networks.

High Availability

  • Availability is checked from locations worldwide every five minutes or less.
  • 24/7 monitoring alerts our engineers to potential problems.

Penetration Testing

  • Rigorous automated vulnerability scans are performed several times each month.
  • Both internet-facing and internal infrastructure are tested.
  • In-house experts and independent third parties conduct intensive penetration testing routinely.

Restricted Access

  • Segmented networks limit communication between specific servers.
  • Access between network segments is tightly controlled by robust firewall rules.

Vulnerability Management

  • All infrastructure is updated immediately when vendor security patches are released.

DDoS Mitigation

  • A leading third-party DDoS mitigation solution scrubs malicious traffic as needed.

GDPR Compliance

Bankful adheres to the European General Data Protection Regulation (GDPR) by implementing stringent measures for safeguarding cardholder data. This ensures the protection and privacy of all personal information. We consistently evaluate both the accuracy of in-scope data and the effectiveness of controls put in place to secure it.