System Security Policy
MyGate is a payment service provider that process transaction for thousands of merchants. We take system and data security extremely serious and ensure that our customers transactional data is secure within our environment at all times.
MyGate uses 128-bit TLS certificates to ensure that all transactional information is passed securely between the merchant and MyGate’s site. No cardholder information is ever passed unencrypted and any messages sent to your servers from MyGate are signed using MD5 hashing to prevent tampering. In the event that PAN information is returned, the PAN will be hashed, including the first 6 digits and last 4 digits of the PAN.
Encryption and Data Storage
All sensitive data is secured stored within MyGate’s systems using internationally recognised 256-bit encryption standards. The data we hold is extremely secure and strict policies are in place ensuring limited and secure access to our servers internally are maintained. The information we store is highly regulated and audited regularly by a Quality Assurance Assessor (QSA).
MyGate’s systems are regularly scanned ensuring that our infrastructure and network remains secure at all times. Further to this, we use an Approved Scanning Vendor (ASV) approved by the payment card brands to review scans quarterly.
Additionally, MyGate is PCI DSS Level 1 certified, which is the highest level of compliance. As a service provider that stores and transmits cardholder data on behalf of our merchants, MyGate will maintain all applicable PCI DSS requirements in accordance to PCI DSS regulations in order to protect the integrity of our merchant’s cardholder data.
We are audited annually by a QSA ensuring that the upmost security is maintained at all times.
Links to banks
MyGate maintains multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
Access to MyGate premises is controlled by biometric access with all in and out entries logged within our secure servers. No one can enter or leave our premises without using biometric access.
All employees at MyGate are checked for Criminal Records prior to employment and no unauthorized individual has access to or is able to decrypt transaction information or cardholder data. Our systems only allow access to our most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). All transaction information and customer card information is secure even from our own employees.
MyGate maintains a full disaster recovery and business continuity plan ensuring that maximum uptime and security are maintained in our data centres at all times.