PCI/SOC

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. Also see PCI Security Standards Council.

What is SOC?

SOC stands for System and Organization Controls.

Are we PCI Compliant? SOC1 and SOC2 Certified?

TabaPay is a [PCI Level 1 Service Provider.]

256256

TabaPay is SOC 1 Type II Certified.

10241024

TabaPay is SOC 2 Type II Certified.

10241024

Our SOC status.

Is the Sandbox and UAT Environments PCI Compliant?

No.
You should be using test card numbers when testing in the Sandbox and UAT Environments. You should never use a real Card Number in the Sandbox and UAT Environments. We provide various test card numbers for various scenarios.

SSL/TLS Configuration?

We use Qualys SSL Server Test to check our SSL/TLS configuration on all internet facing systems:

10241024

Our configured Protocols and Cipher Suites:

10241024

TLS 1.3 is now available on all Environments.

We also removed some WEAK TLS 1.2 Cipher Suites:

10241024

We configure our Servers to the Recommended Cipher Suites as recommended by RFC 7525 and Mozilla Server Side TLS.

WAF, Web Application Firewall, protection?

We have a WAF, Web Applicaiton Firewall, in front of all internet facing systems. So if our WAF detects something funny, such as something in the OWASP Top 10, your request will get rejected with SC=406.