Ongoing Security Program

At Yak Pay, we have always placed a high priority on protecting our systems and data against cyber attacks. We have a comprehensive security program based upon the Payment Card Industry Data Security Standards (PCI DSS). PCI DSS is a security framework introduced by the card payment schemes to safely and securely accept, store, process, and transmit cardholder data to prevent fraud and data breaches.

We are proud to state that we have undertaken the highest level of PCI Compliance. This includes having an Annual Report on Compliance (RoC) completed by a Qualified Security Assessor (QSA), performing monthly network scans through an Approved Scan Vendor (ASV), and an annual Attestation of Compliance (AoC) form also completed by our QSA.

As part of this ongoing compliance program, our Qualified Security Assessor (QSA) conducts two external penetration tests (you can think of these like "ethical hacks") on our platform each year. In addition, our software development process and change management systems include security planning as a fundamental part of our application development and maintenance lifecycle.

Here is a summary of some key security achievements relevant to our platform:

  • We have not experienced any security or data breaches on our platform to date.
  • We have achieved 100% uptime since our launch in 2019.
  • We use only industry best practices for card data security (all cards are tokenised, which means we don't store the full card number in our database).
  • Cards are only ever charged after receiving a multi-factor authentication request from an authorised user.

We invite any questions you may have regarding our security program and record. Please forward all security requests to:

Mark Nimco
Chief Technology Officer (CTO)
Phone: 1300 925 729 (1300 YAK PAY)
