RevCent's infrastructure was created using industry best practices for ensuring PCI DSS compliance. Customer payment data is encrypted and stored in isolated, air-gapped networks.
Human access to customer payment data is not possible; only programmatic access via specific resources is permitted. Access by RevCent employees is strictly forbidden and is, in fact, not possible, because access is restricted to identity-based programmatic access.
RevCent utilizes encryption for all communication, programmatic access and data storage. The web app, API and websocket are only accessible via HTTPS and TLS.
Customer payment data is encrypted before it is stored and is encrypted again at rest. Internal systems with separate access permissions ensure that encrypted data is never exposed when transmitted between resources, and only specific resources can decrypt the data.
RevCent is hosted by AWS, which offers a suite of monitoring tools to detect and prevent malicious actors. Internal custom monitoring is also implemented.
We utilize AWS CloudWatch for logging various actions and access, AWS Shield for monitoring application traffic, and AWS GuardDuty to monitor and detect threats using machine learning.
RevCent's entire infrastructure is built using serverless technology, which removes many traditional attack vectors. Security concerns associated with running servers, such as IP and denial-of-service attacks, are eliminated.
Serverless executions are also stateless, so in-memory data is erased soon after execution. Every endpoint is proxied via AWS API Gateway, which provides additional security benefits, including blocking malicious requests.