Security

Standards and regulations compliance

Our customers trust us with their sensitive data and count on us to be diligent custodians of their own customers' data. As a payments infrastructure company, we therefore follow security best practices to meet the rigorous standards of the global financial industry and maintain a high level of security.

PCI-certified

PCI certification is considered the best way to safeguard sensitive data and information, thereby helping businesses build long-lasting and trusting relationships with their customers.

Cardaq is a PCI DSS Level 1 Service Provider, with PCI DSS compliance assessed by an independent Qualified Security Assessor (QSA) annually. This is the most stringent level of certification available in the payments industry.

ISO 27001

ISO 27001 certification, the internationally recognized standard for information security management systems (ISMS), demonstrates our commitment to protecting sensitive data, mitigating risks, and ensuring the continuity of our services. By adhering to the highest security standards, Cardaq builds trust with its customers and partners while gaining a competitive advantage in the market. The ISO 27001 framework enables us to proactively manage and protect information, ensuring the confidentiality, integrity, and availability of our data assets.


Product Security

Access restriction and auditing

From the Merchant Portal, our customers can assign different roles to enable least-privilege access for their employees, and create restricted access keys to reduce the security and reliability risk of API key exposure. Our customers can also view audit logs and activity in their security history. These logs contain records of sensitive account activity, like logging in or changing bank account information.

Sensitive Data

All cardholder data is encrypted with strong cryptography according to PCI DSS encryption requirements.


Infrastructure Safeguards

Our security teams test our infrastructure regularly by scanning for vulnerabilities and conducting penetration tests. We perform third-party scans of our systems, and we immediately address their findings.


Domains and IP Addresses

Your integration must be able to communicate with Cardaq for it to function properly. Depending on how your integration operates, you may need to whitelist our network. To ensure that your integration operates securely, it must communicate with Cardaq domains through appropriate IP addresses. If your integration also receives webhooks from us, ensure that these events originate from a Cardaq webhook IP address.

Cardaq Domains

If your network configuration allows domain whitelisting, then include these Cardaq domain names:

  • gate.cardaq.co.uk
  • transactions.cardaq.co.uk

IP Addresses

You must resolve our IP addresses systematically: perform a DNS lookup for both domains mentioned above, and repeat it regularly; we recommend checking every hour. We do not provide a list of IP addresses for whitelisting. IP addresses change over time for various reasons, so hard-coded IP addresses may cause your integration to stop communicating with us.

Webhook Notifications

For webhooks, we use static IP addresses. Webhook notifications may come from the following IP addresses:

  • 3.120.76.84
  • 3.75.42.20
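The two checks described above (re-resolving the domains to keep an egress allowlist current, and accepting webhooks only from the static webhook addresses) as an added example; this is not Cardaq's own code. The resolver is injectable so the logic can be exercised offline with constructed answers; `allowlist_delta` and `is_trusted_webhook_source` are hypothetical helper names.

```python
# Added example, not Cardaq's own code: refresh an egress allowlist from the
# documented domains (the page recommends hourly) and verify that an inbound
# webhook arrives from one of the two documented static webhook IPs.
import ipaddress
import socket
from typing import Callable, Iterable

CARDAQ_DOMAINS = ("gate.cardaq.co.uk", "transactions.cardaq.co.uk")
# Static webhook source addresses as published on the page.
WEBHOOK_SOURCE_IPS = frozenset(
    ipaddress.ip_address(a) for a in ("3.120.76.84", "3.75.42.20"))


def default_resolver(domain: str) -> Iterable[str]:
    """Resolve A/AAAA records via the system resolver (needs network access)."""
    return {info[4][0] for info in
            socket.getaddrinfo(domain, 443, proto=socket.IPPROTO_TCP)}


def resolve_domains(domains: Iterable[str] = CARDAQ_DOMAINS,
                    resolver: Callable[[str], Iterable[str]] = default_resolver) -> set:
    """Current set of addresses for all domains. `resolver(domain)` yields
    address strings; a constructed resolver lets this run offline."""
    current = set()
    for domain in domains:
        current.update(ipaddress.ip_address(a) for a in resolver(domain))
    return current


def allowlist_delta(previous: set, current: set) -> tuple:
    """(to_add, to_remove) so each hourly run updates the firewall incrementally
    instead of wiping and rebuilding it, which would briefly block traffic."""
    return current - previous, previous - current


def is_trusted_webhook_source(peer_ip: str) -> bool:
    """True only if the TCP peer address is one of the static webhook IPs.
    Check the socket peer address, not a client-supplied header such as
    X-Forwarded-For, unless a proxy you control sets that header.
    IPv4-mapped IPv6 peers (::ffff:a.b.c.d) are normalised; garbage is rejected."""
    try:
        addr = ipaddress.ip_address(peer_ip.strip())
    except ValueError:
        return False
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr in WEBHOOK_SOURCE_IPS


if __name__ == "__main__":
    print("current Cardaq egress allowlist:", sorted(map(str, resolve_domains())))
```

Run the refresh on a schedule and feed the delta to your firewall or proxy configuration; the webhook check belongs in the handler, before any payload is parsed.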