To ensure security, Portmone.com complies with the international Payment Card Industry Data Security Standard (PCI DSS).
Portmone is the first company in Ukraine to have successfully passed an international security audit for compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements and to have received a certificate, № 499938160240108, issued by the German company SRC (Security Research and Consulting GmbH).
SRC is an independent audit company that ensures compliance with all security requirements (Mastercard Site Data Protection and VISA Account Information Security) established by the main payment systems, VISA and Mastercard.
The security audit entails the following:
- Portmone.com's resources undergo a quarterly network scan to identify vulnerabilities, performed both by the company and by external auditors.
- Portmone.com undergoes annual security audits by independent auditors at the company's office.
- Portmone.com passes penetration tests by independent auditors twice a year.
- Portmone.com continuously checks itself for vulnerabilities and resistance to penetration.
- At Portmone.com, the processes for protecting information and transactions run continuously and are continuously improved.
Compliance with PCI DSS standard includes:
- compliance with all the requirements of the international payment systems VISA and Mastercard according to the rules of payment and data protection;
- definition and development of a company's security policy;
- ensuring reliable data encryption and transmission over the network only in encrypted form;
- restriction of access to data according to job duties and authority, with real-time access control;
- stringent requirements for the process of developing, testing and implementing software, with multi-stage control of data processing security;
- the implementation of a regular process of scanning the system in order to identify vulnerabilities and their subsequent removal;
- constant monitoring of the security of user data both at the time the user performs the operation and for the stored user data;
- constant updating to the most current and secure versions of the software used.
User data protection
- Portmone.com uses only proven Enterprise solutions from leading data protection and traffic control companies, as well as licensed software from leading penetration testing and security scanning companies.
- Protection against DDoS attacks using FortiDDoS™.
- FortiGate® system for traffic identification, intrusion prevention and traffic content monitoring.
- 100% redundancy of all protection tools.
- Account passwords and card data are encrypted with robust AES-256 encryption, with regular changes of encryption keys.
To exchange information with users, Portmone.com uses industry-standard TLS 1.2 encryption with strong cryptography (key length up to 256 bits). The certificate is certified by the international certification authority GeoTrust.
Portmone.com has also developed and strictly follows the rules of its «Security Policy».
Restrictions in the Portmone.com system when making payments
«FC MBK» is a subject of initial financial monitoring in accordance with the Law of Ukraine «On Prevention and Counteraction to Legalization (Laundering) of Proceeds from Crime, Financing of Terrorism and Financing of Weapons of Mass Destruction».
In order to comply with the requirements of the legislation in the field of financial monitoring and counteraction to fraudulent transactions in the Portmone.com system, LLC «FC MBK» reserves the right to introduce the following criteria for restricting money transfer services without opening accounts:
- General daily restrictions on the number and amount of payments;
- By the number and amount of payments by one non-verified card for one service per period;
- By the number and amount of payments by one verified card for one service per period;
- By the number and amount of payments by one non-verified card for 1 month;
- By the number and amount of payments by one verified card for 1 month;
- By the number and amount of payments for one service per period;
- Other restrictions if necessary.