When you have payment terminals or want us to process your payment transactions, you are entrusting CCV with critical and sensitive data about your business and your customers. Ensuring the security of your data is our top priority.
Given our critical role in the economic ecosystem, we understand the importance of managing security risks. Our cybersecurity team is aligned to our organization and enables us to reduce the risk of cybersecurity threats. We have an effective holistic cybersecurity approach based on CPMI guidelines on cyber resilience for financial market infrastructures.
It is our responsibility to ensure that we not only have secure payment terminals and a secure payment processing platform but that we secure all of your data. This means implementing and enforcing effective practices and processes. We are also responsible for regularly conducting third-party audits, and maintaining certifications to verify the security of our systems and processes.
Way of working
Our approach towards cybersecurity is based on the CPMI guidelines on cyber resilience for financial market infrastructures. Key aspects of our approach are the following five basic elements of our cyber resilience framework: Identification, Protection, Detection, Recovery and Testing. Implemented practices and processes are derived from this framework.
Audits and Certifications
CCV regularly performs audits and maintains a number of certifications to further strengthen our trust with customers. These assurance reports and certifications include:
CCV has an Attestation of Compliance for PCI PIN and PCI DSS.
CCV has been certified against this set of widely recognized and internationally accepted information security standards that specifies security management best practices and comprehensive security controls following ISO 27002.
CCV has been issued an ISAE 3402 type 2 report by an external independent auditor. This report is an independent examination of the IT General controls and controls around availability, confidentiality and security of customer data processed by the CCV infrastructure relevant for the financial reporting of customers.
We understand that you have specific questions on cybersecurity within CCV. We encourage you to examine our “Standardized Information Gathering” questionnaire and contact our Corporate Security department via firstname.lastname@example.org if you need any further information.