Version: 1.0
Effective Date: 01/01/2024
Last Updated: 07/07/2026
PCI DSS Security Statement
Our Commitment to Payment Security
At Octalas Pay, protecting payment information and maintaining the highest standards of information security are fundamental to our business. We are committed to implementing industry-recognised security controls and supporting the requirements of the Payment Card Industry Data Security Standard (PCI DSS) to safeguard payment transactions and customer data.
Our objective is to provide secure, reliable, and resilient payment technology for businesses, merchants, and enterprise clients.
Payment Card Security
Octalas Pay has been designed using security-first principles to reduce the exposure of sensitive payment information and support secure payment processing.
Where payment card transactions are processed through authorised payment partners, sensitive cardholder data is handled in accordance with the security requirements of those providers and applicable PCI DSS obligations.
Octalas Pay does not intentionally store full Primary Account Numbers (PANs), CVV/CVC security codes, or other sensitive authentication data unless expressly permitted under applicable PCI DSS requirements and supported by appropriate security controls.
Security Controls
Our security programme incorporates administrative, technical, and organisational safeguards, including:
- Encryption of data in transit using TLS
- Encryption of sensitive data at rest where applicable
- Secure authentication and access controls
- Multi-factor authentication (MFA) for privileged accounts
- Role-based access control (RBAC)
- Continuous infrastructure monitoring
- Security logging and audit trails
- Network segmentation where appropriate
- Secure software development practices
- Regular security updates and vulnerability remediation
PCI DSS Compliance
Where applicable, Octalas Pay supports compliance with the Payment Card Industry Data Security Standard (PCI DSS) and works with payment processors, acquiring banks, and technology partners that maintain their own PCI DSS compliance obligations.
Merchants remain responsible for meeting any PCI DSS obligations applicable to their own environments, systems, and business operations.
Third-Party Payment Providers
Certain payment services may be provided through regulated financial institutions and authorised payment providers.
These providers maintain independent security and compliance programmes and may be responsible for the secure processing of payment card information within their own infrastructure.
Secure Development
Octalas Pay follows secure software engineering principles throughout the software development lifecycle, including:
- Security reviews during development
- Code quality and peer review processes
- Vulnerability management
- Secure configuration management
- Access control procedures
- Change management
- Security testing before production deployment
Infrastructure Security
Our infrastructure is designed to promote:
- High availability
- System resilience
- Data integrity
- Secure communications
- Business continuity
- Disaster recovery preparedness
Appropriate monitoring and incident response procedures are maintained to identify and respond to security events.
Merchant Responsibilities
Merchants using Octalas Pay remain responsible for:
- Protecting their own systems and devices
- Maintaining secure credentials
- Following PCI DSS requirements applicable to their business
- Keeping software and hardware up to date
- Reporting suspected security incidents promptly
- Protecting customer information collected outside the Octalas Pay platform
Security Incident Response
Octalas Pay maintains incident response procedures designed to:
- Detect security events
- Investigate incidents
- Contain threats
- Restore affected services
- Notify relevant parties where required by law or contractual obligations
- Improve future security controls through post-incident review
Responsible Security
Security is an ongoing process. Octalas Pay continually reviews and enhances its security programme to address emerging threats, evolving technologies, regulatory developments, and industry best practices.
Contact
For security-related enquiries, please contact:
Security Team
Octalas Pay
Email: security@octalaspay.com
