PCI Compliance #
The Gladly secure form is designed to comply with the requirements of the Payment Card Industry Data Security Standard (PCI-DSS). The secure form system components are hosted in a dedicated PCI-DSS environment. Gladly’s PCI-DSS AOC (Attestation of Compliance) is available upon request.
- European Security Standards – Gladly meets the following international standards and regulations for data protection, ensuring that our European customers can safely use our Secure Form: PCI-DSS Level 2, GDPR, EU-US Privacy Shield.
Data Flow & Storage #
Data is stored by a third-party vendor that uses Amazon Web Services. The vendor’s systems are hosted in the AWS US East (N. Virginia) and US West (Oregon) Regions. Gladly retains ownership of the data, with the vendor acting as the data custodian. Once an Agent retrieves the payment data submitted through the secure form, they paste it into the existing payment processing system to complete the payment; the card data is not entered into Gladly itself.
Security Measures & Encryption #
The credit card information is stored in a vault outside of Gladly’s systems, operated by a PCI-compliant vendor. The vault runs in a highly available VPC on cloud infrastructure. It has strong availability controls, including robust system backups, blue-green deployments, redundant systems, disaster recovery, and regular incident response and business continuity testing. The vault works with the vendor’s proxies so that card data is protected both in transit and at rest without Gladly handling it in the clear.
All vaulted data is encrypted at rest with AES-256-GCM. Data in transit is protected with TLS 1.2, and HTTPS is required for all communication from customer applications. Decryption keys are not stored alongside the vaulted data: they are held in a separate hardened environment secured with multiple layers of authentication, so compromise of the data store alone does not expose card numbers.
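The at-rest design described above (AES-256-GCM for the stored data, decryption keys held apart from the vaulted records) is the envelope-encryption pattern. The Go program below is an added illustration of that pattern and is not Gladly’s or its vendor’s code: the `KeyService` type standing in for the separate key environment, the `VaultRecord` layout, and the test card number are all assumptions made for the example. It shows what a practitioner would want to verify in such a design: each record gets its own data key, that key is wrapped by a key-encryption key the vault never holds, the record ID is bound into the ciphertext as associated data, and any modification of the stored ciphertext or a swap between records is rejected on decryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyService stands in for the separate hardened environment holding the
// key-encryption key (KEK). The vault only ever exchanges wrapped data keys
// with it and never sees the KEK itself. (Illustrative assumption, not the
// vendor's implementation.)
type KeyService struct{ kek []byte }

func NewKeyService() (*KeyService, error) {
	kek := make([]byte, 32) // 32 bytes = AES-256
	if _, err := rand.Read(kek); err != nil {
		return nil, err
	}
	return &KeyService{kek: kek}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM under a fresh random 96-bit nonce and
// returns nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; the GCM tag check fails on any change to ciphertext or AAD.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// The key service wraps and unwraps per-record data keys (DEKs) under its KEK.
func (ks *KeyService) WrapDEK(dek []byte) ([]byte, error) { return seal(ks.kek, dek, []byte("dek")) }

func (ks *KeyService) UnwrapDEK(wrapped []byte) ([]byte, error) {
	return open(ks.kek, wrapped, []byte("dek"))
}

// VaultRecord is what the vault persists. Neither field is usable without
// the key service: the ciphertext needs the DEK, and the DEK needs the KEK.
type VaultRecord struct {
	ID         string
	Ciphertext []byte // nonce || AES-256-GCM ciphertext || tag
	WrappedDEK []byte
}

// VaultStore encrypts a card number under a fresh per-record data key and
// binds the record ID in as associated data so ciphertexts cannot be swapped.
func VaultStore(ks *KeyService, id string, pan []byte) (*VaultRecord, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	ct, err := seal(dek, pan, []byte(id))
	if err != nil {
		return nil, err
	}
	wrapped, err := ks.WrapDEK(dek)
	if err != nil {
		return nil, err
	}
	return &VaultRecord{ID: id, Ciphertext: ct, WrappedDEK: wrapped}, nil
}

// VaultRetrieve asks the key service to unwrap the DEK, then decrypts the record.
func VaultRetrieve(ks *KeyService, rec *VaultRecord) ([]byte, error) {
	dek, err := ks.UnwrapDEK(rec.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, rec.Ciphertext, []byte(rec.ID))
}

func main() {
	ks, _ := NewKeyService()
	rec, _ := VaultStore(ks, "tok_123", []byte("4111111111111111")) // constructed test PAN
	pan, err := VaultRetrieve(ks, rec)
	fmt.Println(string(pan), err)
	rec.Ciphertext[len(rec.Ciphertext)-1] ^= 1 // flip one bit of the stored tag
	_, err = VaultRetrieve(ks, rec)
	fmt.Println("after tampering:", err)
}
```

The point of the split is that an attacker who obtains the vault's storage gets only ciphertext and wrapped keys, while an attacker who obtains the key service's KEK has no ciphertext to apply it to; both environments must be compromised to recover a card number.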