Integration, hosting, security
Integration with Verestro
Verestro offers three ways to take benefit of our solution, see table below for detailed comparison and pros of each of them.
White Label Application |
SDKs |
APIs |
|
What is it? |
Complete mobile application for Android & iOS. Ready to be branded, customized and deployed to your users. |
Native development kits for Android & iOS. Libraries easily pluggable into your existing mobile app, they take care of heavy-lifting and allow you to focus on User Experience. |
REST-based interface to enable integration of your existing back-end to our services. |
Key benefits |
|
|
|
When to choose? |
|
|
|
Sandbox Environment
We have sandbox environment available per request. Contact [email protected] to get access. More information about connection configuration can be found here: Connecting to server-to-server APIs.
Hosting
We deliver our products in Software-As-A-Service Model. We build a new instance of the platform for new customers and we host in either in private cloud (European Union) or public cloud (AWS anywhere in the world). We prefer this model of delivery as almost every software component is going through updates every 2nd week. We need to make sure service is compliant with security requirements, android, iOS, Mastercard, VISA so we are in a constant development process. It is usually impossible or very difficult to go through regular deployment and release process if we do not host the platform.
Security Standards and PCI DSS
Verestro is compliant with the highest level of PCI DSS Standards - Level 1. We are regularly going through system scans and once per year we are going through on-site audit performed by certified PCI DSS auditor. Verestro is also regularly checked and verified by Mastercard or VISA and multiple institutions (including big banks) that are regularly auditing Verestro infrastructure. We achieved the highest security standards by:
- Building and maintaining network security - the need to build and maintain a firewall configuration that protects cardholder data, not using manufacturers' default passwords and settings.
- Protecting cardholder data - protecting stored cardholder data, encrypting data transmissions when using public networks.
- Maintaining a payment management program - using regularly updated anti-virus systems, developing secure systems and applications.
- Implementing strong access control methods - limiting access to cardholder data to only those with a business need, assigning each user a unique ID, limiting physical access to cardholder data.
- Regular network monitoring and testing - testing security systems and processes, controlling access to network resources and cardholder data.
- Maintaining information security policies - relying on security policies for employees and vendors.