World-Class Security

Recurly is PCI-DSS Level 1 compliant, and recognized on the Visa Global Registry of Service Providers. We meet or exceed all industry-standard payment security practices to protect you and your customers.

What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI-DSS) provides a framework for developing a robust security process for credit card transactions. Any merchant or merchant service provider accepting, transmitting, and/or storing cardholder data must be PCI compliant.

Recurly Keeps You Secure

Data Encryption

Adheres to the PCI Data Security Standard for Service Providers.

Web Application Security

Follows industry-standard secure coding guidelines.

Physical & Network Security

Hosts data in dedicated facilities with 24x7 security.


Security & Compliance FAQs

How is security and PCI compliance enforced?

Recurly is PCI-DSS Level 1 compliant, a standard that specifies best practices and various security controls. Cardholder data is sent directly to Recurly to minimize risk to your business. Recurly provides a secure environment that goes above and beyond industry security standards and guidelines.

Does my business need to be PCI compliant?

All organizations processing credit card information, regardless of their deployment model, are required to be certified. Your merchant bank account requires your business to be PCI compliant, and Recurly helps you meet those requirements.

How does Recurly protect sensitive information?

Sensitive information is stored using several layers of encryption in a segmented network with no public internet access. New encryption keys are generated on a daily basis, and existing keys are rotated on a regular basis. When in transit over public networks, sensitive information is encrypted over SSL connections using TLS v1.2 or above.

Does Recurly follow standard web application development and security policies?

Recurly application development follows industry-standard secure coding guidelines. The application is segmented by function to maintain security.

How does Recurly secure physical and network access?

Recurly is hosted in a dedicated hosting environment with 24x7 security. Physical access to the network is strictly limited and monitored. Private networks are strictly segmented according to function. Restrictive firewalls protect communication entering the network and between private networks. All access to Recurly's network and services is strictly logged. Audit logs are reviewed on a regular basis. Internal and external network penetration tests are performed on a regular basis by third parties. Two-factor authentication and strong password controls are required for administrative access.
