Security & Availability

Security & Availability

Virtual Terminal

Security & Availability Information

The TokenEx Cloud Security Platform removes sensitive data sets from a client’s IT environment and business systems and stores it in the TokenEx Secure Data Vaults. Because TokenEx is a custodian of your data, we strive to ensure our security and availability capabilities meet the rigor that our clients require to keep their businesses running.

PCI Compliance

It is TokenEx’s business to help you understand the complexities and importance of PCI compliance and to assist you in achieving the appropriate level of compliance for your type of business. While our goal is to minimize the scope of your PCI compliance burden, our tokenization platform must be 100% PCI compliant at all times. You can check our PCI compliance status at the Visa and MasterCard web sites.

Secure Data Storage and Transmission Practices

Data security best practices and compliance initiatives clearly state what data is allowed to be stored by a merchant or processor. In compliance with these guidelines, TokenEx does not store any data that falls outside of compliance and security best practices.

In our own systems, TokenEx uses industry standard symmetric key encryption to protect customer data stored in our data vaults, and we ensure the integrity and confidentiality of our encryption keys through strict controls. We secure data in transit using industry standard asymmetric encryption through industry leading Public Key Infrastructure (PKI) Certificate Authorities (CA).

Authorization Model

TokenEx has designed and implemented a very secure model for authorizing access and granting permissions to the TokenEx platform, based on a multi-factor authorization model. Each TokenEx client has a unique identifier for accessing their vaults. Clients can assign granular access control to each method through unique API keys. An IP whitelist strictly limits access to vaults only from specific IP addresses that your organization designates and controls.

By employing this authorization security model, TokenEx provides very granular controls for access to the platform and limits access to the specific methods that handle sensitive data within the platform. This authorization model can be reviewed by your ISA or QSA to validate scope within your own PCI environments.

Security Controls Due Diligence

TokenEx regularly performs due diligence on the security controls we have in place. Due diligence of these controls includes, but is not limited to:

  • Network Penetration Testing
  • Dynamic & Static Application Security Testing
  • Wireless Penetration Testing and Assessment
  • Network Vulnerability Scanning
  • Device Configuration Reviews
  • Access Control Reviews
  • Log Reviews

Disaster Recovery

With your sensitive business and customer data stored in our data centers, TokenEx strives to ensure it is available at all times, even after an unforeseen disaster. TokenEx has designed and built an infrastructure that supports this goal, so that in the event of a data center disaster, a secondary distant data center is instantly available to manage transactions. We test our disaster recovery capabilities on a regular basis.

Platform Data Center Reliability and Availability

The TokenEx architecture is designed to be highly available and reliable. TokenEx Cloud Security Platform is co-located in multiple data centers in the United States and Europe. Our tokenization and data vault services in the data centers meet at least Tier 2 status and are audited annually by an independent third party. TokenEx maintains ownership and full operational control of all systems within the data centers. Within each data center, TokenEx is fully redundant. In addition, TokenEx continuously syncs data across data centers to ensure the highest standards of availability. We store encrypted backups of data vaults with an independent service provider.

Tokenization Services Uptime

TokenEx is transparent about service uptime. We provide our previous 3 months of uptime using an independent 3rd party service provider. These statistics are available on our TokenEx Client Portal.