Securing your data.

At PointCraft, we prioritize the secure management and protection of customer payment data, ensuring that our merchants' systems remain outside the scope of security and compliance concerns. We achieve this through the use of advanced tools such as tokenization, secure payment APIs, hosted payment pages, and our robust developer API.

To safeguard against data loss, corruption, theft, or destruction, PointCraft automatically performs daily database backups. These backups are carried out between data centers and off-site locations, demonstrating our commitment to maintaining business continuity for our merchants.

PointCraft employs self-replicating database clusters to store transaction, cardholder, and merchant data, guaranteeing optimal uptime and load balancing. Sensitive cardholder data is securely retained for up to 48 months of inactivity, while customer and merchant data remain logically separated and inaccessible to each other. Access by authorized PointCraft staff is strictly logged for security and PCI-DSS compliance purposes.

PointCraft takes a proactive approach to data security by implementing firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) on our servers. We conduct regular system updates and promptly respond to major vulnerabilities by applying necessary patches. Our servers are hardened in accordance with industry-leading security guidelines.

To ensure the utmost security of PointCraft's data and systems, we enforce rigorous access controls, including VPN requirements, well-defined user roles, multi-factor authentication, and comprehensive logging for network access and activity. Our internal office networks are isolated from platform environments and have restricted wireless access. Internal systems can only be accessed by employees who are physically connected to the network on-site.

PointCraft employs AES-256 encryption for all sensitive merchant and cardholder data, such as names, card numbers, expiry dates, and cardholder addresses, to maintain PCI compliance. We do not store CVV, PIN, EMV, or magnetic stripe data.

As a Level 1 PCI-DSS compliant service provider, PointCraft undergoes stringent on-site audits, vulnerability scanning, penetration testing, and adheres to NIST security practices. Our unwavering commitment to meeting the highest level of data security compliance with the Payment Card Industry Data Security Standard ensures the protection of our merchants' and their customers' sensitive information.

PointCraft invests significant resources to ensure maximum uptime for our networks and merchants. We utilize redundant virtual environments across cloud-based data centers and partner with service providers that employ industry best practices, including backup power generation and dual-path power distribution systems.

PointCraft's dedicated in-house developers create all our systems and applications, guaranteeing adherence to our strict security standards. This approach facilitates close collaboration among our programmers, quality assurance teams, and security staff to identify and address potential issues proactively.