¶ Customer Card
RevCent stores customer payment data on behalf of it's users. You can view stored card information, including BIN details, related purchases and more.
¶ View Customer Cards
View all customer cards by clicking Customers > Customer Cards the sidebar or going to https://revcent.com/user/customer-cards
¶ Customer Card Details
View customer card details by searching for the customer card in the top navigation search box, or clicking on the customer card ID when viewing all customer cards. The customer card details page will display all related entities of the customer card, i.e. customer, sales, product sales, etc.
Note: You cannot view or retrieve the full credit card number for a customer card. Customer card numbers are securely stored and are not publicly accessible.
¶ Payment Data Security
Our PCI DSS Level 1 certified infrastructure, enhanced monitoring and additional levels of security ensure that all data is safe.
¶ PCI DSS Level 1
RevCent is a PCI DSS Level 1 service provider. All customer payment data is encrypted and stored in isolated air gapped networks. Human access to customer payment data is not possible, only programmatic access from specific resources. Access by RevCent employees is strictly forbidden, and in fact not possible through using identity based access.
¶ Encryption
RevCent utilizes encryption for all communication, programmatic access and data storage. The web app, API and websocket are only accessible via HTTPS and TLS. Customer payment data is encrypted before stored and again encrypted at rest. Internal systems with separate access permissions ensure that encrypted data is never exposed when transmitted between resources, and only specific resources can decrypt the data.
¶ Enhanced Monitoring
RevCent is hosted by AWS, which offers a suite of monitoring tools to detect and prevent malicious actors. Internal custom monitoring is also implemented.
AWS services we utilize include AWS WAF for all inbound requests, AWS Cloudtrail for logging account actions and access, AWS Shield for monitoring application traffic and AWS GuardDuty to monitor and detect threats using machine learning.
¶ Serverless Infrastructure
RevCent's entire infrastructure is built using serverless computing, which removes many traditional attack vectors. Security concerns associated with running servers such as IP and denial of service attacks are eliminated.
Serverless executions are also stateless, thus in-memory data is erased soon after execution. Every endpoint is protected by AWS WAF and routed via AWS API Gateway, which provides additional levels of enhanced security.