What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. Also see PCI Security Standards Council.

What is SOC?

System and Organization Controls (SOC). It is for service organizations to provide validated reports on their internal controls over information systems serving their users.

To view TabaPay's SOC status, refer to the Visa Global Registry of Service Providers.

Are we PCI Compliant? SOC1 and SOC2 Certified?

TabaPay is a PCI Level 1 Service Provider.

TabaPay is SOC 1 Type II Certified.

TabaPay is SOC 2 Type II Certified.

See the TabaPay SOC status.

Is the Sandbox and UAT Environments PCI Compliant?

No.
You should be using test card numbers when testing in the Sandbox and UAT Environments. You should never use a real Card Number in the Sandbox and UAT Environments. We provide various test card numbers for various scenarios.

SSL/TLS Configuration?

We use Qualys SSL Server Test to check our SSL/TLS configuration on all internet facing systems:

TabaPay's configured Protocols and Cipher Suites:

TLS 1.3 is now available on all Environments.

We also removed some WEAK TLS 1.2 Cipher Suites:

We configure our Servers to the Recommended Cipher Suites as recommended by RFC 7525 and Mozilla Server Side TLS.

WAF, Web Application Firewall, protection?

We have a Web Application Firewall (WAF), in front of all internet facing systems. So if our WAF detects something funny, such as something in the OWASP Top 10, your request will get rejected with SC=406.