Security and compliance

Security

IP Payments’ server infrastructure is housed within a number of Tier III standard (or higher) data centres. These data centres offer world class facilities including temperature and humidity controls, earthquake protection and advanced fire control systems.

The facilities are monitored 24 hours a day, 7 days a week, 365 days a year with multiple security layers including guards, CCTV, photo access cards, “man traps” and locked server cabinets.

They are serviced by fault tolerant and redundant power systems encompassing dual council power supplies and Uninterrupted Power Supply (UPS) filters with back-up diesel generators.

IP Payments services utilise scalable and dedicated Internet access with 24 hour network monitoring, automated network alarms and a redundant architecture.


Compliance

All of IP Payments products are PCI DSS (Payment Card Industry Data Security Standard) level 1 compliant.

Click here to check our PCI-DSS compliance certificate.

 


***Security update – 11 April 2014***

Security for Heartbleed vulnerability

On April 7, 2014 the OpenSSL Project released an update to address a critical vulnerability known as Heartbleed (CVE-2014-0160). This vulnerability, which affects multiple sites across the Internet, could be remotely exploited to leak sensitive information.

Action by IP Payments

IP Payments has reviewed all of our sites and applications, and we have determined that all of our production sites, including www.ippayments.com.au and demo.ippayments.com.au are not vulnerable to this issue. We did discover that our corporate site (www.ippayments.com) was vulnerable. This has now been patched, and we have replaced our SSL certificate which is used solely for content management of our corporate site.  Our corporate site is hosted with a third party and no customer action is required.