Base Commerce, LLC, a technology-driven payment processing company specializing in bankcard and ACH payment processing solutions, has announced the third-party certification of its CypherPay™ E2EE (end-to-end encryption) payment solution. The rigorous assessment confirms that use of the CypherPay™ product results in significant PCI (Payment Card Industry) compliance scope reduction, allowing organizations to more easily meet the stringent data security requirements needed in today’s online payments landscape.
The expert evaluation was conducted by Sysnet Global Solutions (https://sysnetgs.com),
a Dublin-based authority in cyber security and compliance solutions
with clients worldwide. Sysnet documented its findings in a whitepaper
that is now available on the Base website.
“We developed CypherPay™ knowing that it would reduce the tremendous
PCI compliance burden faced by merchants and help to avoid consequences
like non-compliance fees and the devastating fallout from a data
breach,” said Ryan Murphy, Chief Systems Architect at Base Commerce.
“However, having a globally recognized entity like Sysnet confirm
through hundreds of hours of testing that the solution does precisely
that is extremely gratifying.”
Base’s Data Security Analyst, Zachary Walker, spearheaded the
certification initiative, leading a team that provided Sysnet with the
system access and information needed to fully vet the CypherPay™
product. Merchants who implement the solution save significant time,
effort, and capital each year as it addresses for them the 12
requirements of the Payment Card Industry Data Security Standard:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Protect all systems against malware and regularly update anti-virus software or programs.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need to know.
- Identify and authenticate access to system components.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for all personnel.
Easily implemented through the company’s prebuilt SDKs (software
development kits), CypherPay™ completely removes sensitive data from a
merchant’s environment. In doing so, it not only dramatically reduces
the merchant’s PCI compliance burden, it provides the organization with
significant insulation from risk.
“Our evaluation covered many areas including validation of the
encryption mechanisms from encryption endpoints to the Base CDE
decryption environment, cryptographic key management principles
alignment with NIST 800-57 and PCI SSC P2PE version 2.0 rev1.1, and
implementation of PKI for payload encryption and decryption,” said Jeff
Montgomery, SVP – Cyber Risk at Sysnet. “We also reviewed implementation
of secure communication channels using TLS 1.2, conducted a forensic
investigation of end point systems via FTK and Autopsy to determine the
existence of any latent cardholder data or sensitive authentication data
post authorization to transactions, and performed transactions for each
of the envisaged payment channels, including POS, as per POI list, and
e-Commerce-based transactions. CypherPay™ exceeded the required
standards in all areas.”
Base serves clients in a wide range of industries, including property
management, consumer finance and collections, tolling, parking and
transportation, and charitable giving. These organizations leverage the
company’s advanced payments technology and services to streamline
payment acceptance and provide a more fluid experience for their
“Few, if any, other systems like CypherPay™ have undergone this type
of testing and certification, so stakeholders throughout the payments
ecosystem – from merchants to service providers to ISVs – can rest easy
at night when our solution has been implemented,” added Zachary Walker,
Data Security Analyst at Base. “No one, at any level of a merchant’s
organization, has access to sensitive customer information at any time,
so the risk of data misuse or theft is eliminated. And, compliance can
be confirmed annually literally in minutes.”
If you would like to read Sysnet’s report then you can find it on Base’s website (www.basecommerce.com/cypherpay-whitepaper.pdf).
About Base Commerce
Founded in 2008 and headquartered in Phoenix, AZ, Base Commerce is a leading provider of advanced payment processing solutions. Stakeholders in many areas of the payments ecosystem rely on the company’s comprehensive suite of technology and service offerings to ensure that payments are processed securely, promptly, efficiently, and cost-effectively.
About Sysnet Global Solutions
Headquartered in Dublin, Ireland, Sysnet is a global cyber security company, currently providing assessment and consulting services across more than 60 countries. Established in 1989, Sysnet has built a reputation for helping clients achieve compliance in a cost-effective manner, adopting a uniquely pragmatic and business focused approach. It offers a range of information security services, including PCI DSS, GDPR, ISO27002, HIPAA, Sarbanes Oxley, POPIA, FedRAMP, SWIFT, and other internationally defined standards. It proudly boasts a wide client base that includes global communication organizations, acquirers, ISOs, international banks, and payment service providers.