Security

PCI-DSS

LinkCy handles transmission of all PCI-sensitive information. You, as a Partner, are not allowed to store this information, they will be only displayed directly to your Endusers.

To get access to this type of information, you will be required to be PCI-DSS compliant.

PCI-DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.

The following card information falls under the PCI-sensitive category:

The full 16-digit card number (PAN)
The 3-digit card verification number (CVV) required to make online purchases
The card PIN in case of physical cards

Learn More on How to access the PAN

API Credentials

API Credentials are critical, especially the partner's one, as they give full access on Endusers data.
Always store credentials in a safe place (Password manager or a vault for your backend).
If credentials are compromised, immediately contact your LinkCy representative or LinkCy support team.
Never communicate any Credentials to anyone, even if it seems legitimate.

LinkCy will NEVER ask for your credentials

Enduser data

LinkCy stores Enduser data in a secure way.

Please do the same with all the data you will extract from LinkCy API, as these data must never be exposed publicly.

A data breach is a serious matter, as it compromise Enduser security (personnal data allowing phishing attacks) and privacy (balances and spending history for instance). It also breaks the image of your company and LinkCy, as well as customers confidence !