- «MOMKN Payments» is committed to safeguarding customer information. To this end, we invest significant resources to provide secure and reliable payment solutions for you and your customers.
2. PCI DSS Compliance
- «MOMKN Payments» is a validated Level 1 PCI DSS Compliant Service Provider.
- To achieve this, the Company has clearly defined the responsibility and authority of the Directors to oversee and manage the Risk Management Program, while conferring responsibility and authority on the Audit and Risk Management to develop and maintain the Risk Management Program in light of the day-to-day needs of the Company. The Audit and Risk Management is governed by the Audit and Risk Managers, a copy of which is available on the Company’s website.
- Regular communication and review of risk management practice provide the Company with important checks and balances to ensure the efficacy of its Risk Management Program.
- The key elements of MOMKN's Risk Management Program are detailed below.
3. What is PCI DSS?
- PCI DSS is the Data Security Standard put together by the Payment Card Industry Security Standards Council, comprised of the four major payment networks: Mada, Visa, MasterCard, and American Express. It is the global data security standard with which every business that wants to accept payment cards and store, process, and/or transmit cardholder data must comply. The standard has a total of twelve compliance requirements broken down into six broad control objectives:
- Build and maintain a secure network;
- Protect cardholder data;
- Maintain a vulnerability management program;
- Implement strong access control measures;
- Maintain an information security
- «MOMKN Payments» implements the highest technology standards to meet PCI compliance, such as:
- Data Encryption Keys (DEKs) and Key Encryption Keys (KEKs) that are encrypted with the AES256 algorithm, and a Master Key that is encrypted with the RSA1024 algorithm;
- 128-bit Secure Sockets Layer (SSL);
- Implement a WAF (Web Application Firewall) to protect against threats;
- Use file integrity products to detect malicious file access;
- Use intrusion detection systems;
- Monitor and analyze security alerts and information;
- Incorporate two-factor authentication for remote access;
- Deploy anti-virus software on all systems commonly affected by malicious software;
- Limit access to system components and cardholder data to only those individuals whose job requires such access.