DGVault

Security

Periodic certification of security compliance is done by a third party security audit provider
The functionality of the security setup (controls, restrictions, connections etc) are tested once a quarter and after installing new software or code to ensure that our entire network is free from vulnerabilities.
DGVault maintains an information security policy that addresses information security concerns to be followed by its employees. This policy is reviewed and updated at least once a year.

All vendor supplied default passwords on software and hardware are changed. All passwords will be complex and difficult to guess. Passwords on servers, databases etc are changed at regular intervals.
Transmission of card holder data and other sensitive information is encrypted using a 128-bit Secure Sockets Layer (SSL) digital certificate.
CVV2 data is not retained on the DGVault servers once a transaction authorization has been completed.
Cardholder data is masked when displayed or stored.
All application activity and access to network resources are time-stamped and logged. These activities are linked to individual users (either end-users or administrators).
Audit trails are archived and retained for a minimum of one year.
DGVault code is developed based on secure coding guidelines and industry best practices. Information security is emphasized throughout the software development life cycle and routine review of application code is done to identify possible vulnerabilities.
Access to the applications are authenticated using a 2-factor authentication mechanism.
Connections to payment gateway providers are done using SSL and advanced integration methods.
Any user sessions are automatically closed after a specified period of inactivity.
DGVault code utilizes advanced fraud detection solutions such as AVS, CVV, etc.
Access to the DGVault application can be restricted to only specific IP addresses of the customer if required. This further enhances security.
Access to various modules of the DGVault application can be restricted using user roles - e.g. a particular user may have access to only view monthly statements while another can view invoices and make payments.
The database and data storage system segregates each customer's data and associated documents so that users of one customer cannot access data from other customers.

Firewall installed to protect the data. This helps to eliminate unauthorized or unwanted external activity and safeguard the network and connections from outside threats such as denial of service or hacker attacks.
Customer information and other sensitive data is encrypted and masked in a secured database server that is not directly connected to the Internet. Access to this database server is restricted only to the authorized DGVault programs.
The server is scanned regularly for virus, spyware and other threats. A monthly security review ensures OS hardening, OS patch updates, internal and external security audit scans.
Any hard copies or backups of sensitive information are securely stored and locked in storage rooms whose access is restricted on a need-to-know basis.
All access to the DGVault servers is authenticated and password-protected. Data access is restricted on a need-to-know basis and available only to trustworthy administrators.
Any wireless transmissions of sensitive information are securely encrypted.
Non-console administrative access is highly restricted and used only by authorized administrators. Ongoing software updates are done via secure interfaces such as SFTP.
Our data centers at Dallas and Houston are SAS 70 Type II certified.

DGVault utilizes a three tier backup system for backup and disaster recovery.

RAID mirroring – Any data written on the primary disks is duplicated/mirrored to another pair of disks simultaneously. This ensures data redundancy and is the first line of defence against any disk or data crashes.
Off server backups - Full and incremental backups are copied to a separate backup server. Incremental backups are done daily and full backups are done once a week.
Off site backups - Full backups are transferred once a month and stored on DVDs then transported to an offsite location.
The recovery/restore process utilizes the full backup and incremental backup files to restore the data and server configuration back to the point before any server crash.
Depending on the complexity of the server crash, the backups can be restored from the RAID copy, backup storage or the off-site DVD backup.
Regular recovery testing is performed to ensure integrity of the backups and also readiness of the DGVault team to implement a quick recovery.