PCI/SOC

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. Also see PCI Security Standards Council.

What is SOC?

SOC stands for System and Organization Controls.

Are we PCI Compliant? SOC1 and SOC2 Certified?

TabaPay is a PCI Level 1 Service Provider.


TabaPay is SOC 1 Type II Certified.

TabaPay is SOC 2 Type II Certified.

Our SOC status.

Are the Sandbox and UAT Environments PCI Compliant?

No.
You should be using test card numbers when testing in the Sandbox and UAT Environments. You should never use a real Card Number in the Sandbox and UAT Environments. We provide various test card numbers for various scenarios.

SSL/TLS Configuration?

We use Qualys SSL Server Test to check our SSL/TLS configuration on all internet facing systems:

Our configured Protocols and Cipher Suites:

TLS 1.3 is now available on all Environments.

We also removed some WEAK TLS 1.2 Cipher Suites:

We configure our Servers with the Cipher Suites recommended by RFC 7525 and Mozilla Server Side TLS.
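A client-side counterpart to the configuration described above, as an added example that is not TabaPay's code or its actual cipher list: it flags TLS 1.2 suites lacking the forward-secret key exchange and AEAD cipher that RFC 7525 recommends, and builds a Python client context that offers only TLS 1.2+ with such suites. The function names, the sample suite list and the OpenSSL cipher string are assumptions chosen for illustration.

```python
import ssl

# Properties RFC 7525 recommends for TLS 1.2 suites: ephemeral (forward-secret)
# key exchange and an AEAD bulk cipher.
FS_PREFIXES = ("TLS_ECDHE_", "TLS_DHE_")
AEAD_MARKERS = ("_GCM_", "_CCM", "CHACHA20_POLY1305")
BROKEN = ("RC4", "3DES", "NULL", "EXPORT", "MD5", "anon")

def classify_tls12_suite(iana_name):
    """Return the reasons an IANA-named suite is weak; [] means acceptable."""
    reasons = []
    if not iana_name.startswith(FS_PREFIXES):
        reasons.append("no forward secrecy")
    if not any(marker in iana_name for marker in AEAD_MARKERS):
        reasons.append("not AEAD")
    reasons += ["uses " + b for b in BROKEN if b in iana_name.split("_")]
    return reasons

def strict_client_context():
    """Client context that offers only TLS 1.2+ with ECDHE/DHE AEAD suites."""
    ctx = ssl.create_default_context()  # keeps certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string (an assumption for this example); it governs the
    # TLS 1.2 suites only. TLS 1.3 suites are all AEAD and set separately.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    return ctx

def offered_tls12_suites(ctx):
    """OpenSSL names of the pre-TLS 1.3 suites the context will offer."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

# Constructed sample list for the demonstration, not a real server's configuration.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

if __name__ == "__main__":
    for name in SAMPLE_SUITES:
        problems = classify_tls12_suite(name)
        print(f"{name}: {', '.join(problems) if problems else 'ok'}")
    print("client offers:", offered_tls12_suites(strict_client_context()))
```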

WAF, Web Application Firewall, protection?

We have a WAF, Web Application Firewall, in front of all internet-facing systems. So if our WAF detects something funny, such as something in the OWASP Top 10, your request will get rejected with SC=406.