Base Commerce, LLC, a technology-driven payment processing company specializing in bankcard and ACH payment processing solutions, has announced the third-party certification of its CypherPay™ E2EE (end-to-end encryption) payment solution. The rigorous assessment confirms that use of the CypherPay™ product results in significant PCI (Payment Card Industry) compliance scope reduction, allowing organizations to more easily meet the stringent data security requirements needed in today’s online payments landscape.
The expert evaluation was conducted by Sysnet Global Solutions (https://sysnetgs.com), a Dublin-based authority in cyber security and compliance solutions with clients worldwide. Sysnet documented its findings in a whitepaper that is now available on the Base website.
“We developed CypherPay™ knowing that it would reduce the tremendous PCI compliance burden faced by merchants and help to avoid consequences like non-compliance fees and the devastating fallout from a data breach,” said Ryan Murphy, Chief Systems Architect at Base Commerce. “However, having a globally recognized entity like Sysnet confirm through hundreds of hours of testing that the solution does precisely that is extremely gratifying.”
Base’s Data Security Analyst, Zachary Walker, spearheaded the certification initiative, leading a team that provided Sysnet with the system access and information needed to fully vet the CypherPay™ product. Merchants who implement the solution save significant time, effort, and capital each year as it addresses for them the 12 requirements of the payment card industry data security standard (PCI-DSS):
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Protect all systems against malware and regularly update anti-virus software or programs.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need to know.
- Identify and authenticate access to system components.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security for all personnel.
Easily implemented through the company’s Prebuilt SDKs (software development kits), CypherPay™ completely removes sensitive data from a merchant’s environment. In doing so, it not only dramatically reduces the merchant’s PCI compliance burden, it provides the organization with significant insulation from risk.
“Our evaluation covered many areas including validation of the encryption mechanisms from encryption endpoints to the Base CDE decryption environment, cryptographic key management principles alignment with NIST 800-57 and PCI SSC P2PE version 2.0 rev1.1, and implementation of PKI for payload encryption and decryption,” said Jeff Montgomery, SVP – Cyber Risk at Sysnet. “We also reviewed implementation of secure communication channels using TLS 1.2, conducted a forensic investigation of end point systems via FTK and Autopsy to determine the existence of any latent cardholder data or sensitive authentication data post authorization to transactions, and performed transactions for each of the envisaged payment channels, including POS, as per POI list, and e-Commerce-based transactions. CypherPay™ exceeded the required standards in all areas.”
Base serves clients in a wide range of industries, including property management, consumer finance and collections, tolling, parking and transportation, and charitable giving. These organizations leverage the company’s advanced payments technology and services to streamline payment acceptance and provide a more fluid experience for their customers.
“Few, if any, other systems like CypherPay™ have undergone this type of testing and certification, so stakeholders throughout the payments ecosystem – from merchants to service providers to ISVs – can rest easy at night when our solution has been implemented,” added Zachary Walker, Data Security Analyst at Base. “No one, at any level of a merchant’s organization, has access to sensitive customer information at any time, so the risk of data misuse or theft is eliminated. And, compliance can be confirmed annually literally in minutes.”
If you would like to read Sysnet’s report then you can find it on Base’s website (www.basecommerce.com/cypherpay-whitepaper.pdf).
About Base Commerce
Founded in 2008 and headquartered in Phoenix, AZ, Base Commerce is a leading provider of advanced payment processing solutions. Stakeholders in many areas of the payments ecosystem rely on the company’s comprehensive suite of technology and service offerings to ensure that payments are processed securely, promptly, efficiently, and cost-effectively.
About Sysnet Global Solutions
Headquartered in Dublin, Ireland, Sysnet is a global cyber security company, currently providing assessment and consulting services across more than 60 countries. Established in 1989, Sysnet has built a reputation for helping clients achieve compliance in a cost-effective manner, adopting a uniquely pragmatic and business focused approach. It offers a range of information security services, including PCI DSS, GDPR, ISO27002, HIPAA, Sarbanes Oxley, POPIA, FedRAMP, SWIFT, and other internationally defined standards. It proudly boasts a wide client base that includes global communication organizations, acquirers, ISOs, international banks, and payment service providers.