System Security Policy

Wirecard is a payment service provider that process transaction for thousands of merchants. We take system and data security extremely serious and ensure that our customers transactional data is secure within our environment at all times.

Transaction security

Wirecard uses 128-bit TLS certificates to ensure that all transactional information is passed securely between the merchant and Wirecard’s site. No cardholder information is ever passed unencrypted and any messages sent to your servers from Wirecard are signed using MD5 hashing to prevent tampering. In the event that PAN information is returned, the PAN will be hashed, including the first 6 digits and last 4 digits of the PAN.

Encryption and Data Storage

All sensitive data is secured stored within Wirecard’s systems using internationally recognised 256-bit encryption standards. The data we hold is extremely secure and strict policies are in place ensuring limited and secure access to our servers internally are maintained. The information we store is highly regulated and audited regularly by a Quality Assurance Assessor (QSA).

System security

Wirecard’s systems are regularly scanned ensuring that our infrastructure and network remains secure at all times. Further to this, we use an Approved Scanning Vendor (ASV) approved by the payment card brands to review scans quarterly.

Additionally, Wirecard is PCI DSS Level 1 certified, which is the highest level of compliance. As a service provider that stores and transmits cardholder data on behalf of our merchants, Wirecard will maintain all applicable PCI DSS requirements in accordance to PCI DSS regulations in order to protect the integrity of our merchant’s cardholder data.

We are audited annually by a QSA ensuring that the upmost security is maintained at all times.

Links to banks

Wirecard maintains multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.

Internal security

Access to Wirecard premises is controlled by biometric access with all in and out entries logged within our secure servers. No one can enter or leave our premises without using biometric access.

Staff validation

All employees at Wirecard are checked for Criminal Records prior to employment and no unauthorized individual has access to or is able to decrypt transaction information or cardholder data. Our systems only allow access to our most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). All transaction information and customer card information is secure even from our own employees.

Disaster recovery

Wirecard maintains a full disaster recovery and business continuity plan ensuring that maximum uptime and security are maintained in our data centres at all times.