MerchantE℠ Security and Compliance

Ensuring the privacy and security of data entrusted to us
is at the core of everything we do to serve our customers.


Certifications and Compliance

  • MerchantE is a Level 1 PCI Validated Service Provider.
  • MerchantE undergoes an SSAE-18 SOC assessment annually.
  • MerchantE is an active Participating Organization on the PCI Security Standards Council.

Data Transmission and Encryption

  • MerchantE uses HSTS to enforce encrypted internet traffic.
  • MerchantE maintains an A+ rating from SSL Labs.
  • All internet connections enforce TLS 1.2 at a minimum with a preference for Perfect Forward Secrecy (PFS) cipher suites.
  • All cardholder data is encrypted at rest using strong cryptography.  

Infrastructure Security and Redundancy

  • MerchantE maintains redundant connectivity to multiple Tier 1 Internet Service Providers.
  • All processing systems and data are contained within fully redundant, US-based, geographically dispersed data centers.

Enabling Customer Security and Compliance

  • MerchantE enables our customers' adherence to privacy mandates including GDPR and CCPA.
  • MerchantE customers receive the tools needed to implement and supplement their own security programs, including:
    • Access to PCI Security Checklists
    • Templates to build robust security policies
    • Automated scanning tools to proactively mitigate vulnerabilities
    • On-Demand payment card training modules for employees
    • $100k breach protection backstop in the event of a data compromise

For more information about our suite of security solutions or for copies of our certification documentation, contact us.