Data Transfer Security
To ensure data transfer security the encryption protocol EV SSL-128bit is used. The system is implemented in cooperation with the company Thawte, which specializes in security transactions.
Access to the systems of Viva Payments is controlled by firewalls, which allow the use of specific services to customers/visitors while prohibiting access to Viva systems and databases which use and store sensitive data. To ensure maximum data protection, as required by PCI-DSS, Viva uses the latest technology for tracking malicious attacks (Intrusion Detection and Denial of Service Protection Systems).
In terms of physical access, Viva Payments hosts the entire infrastructure at Rackspace (Level 1 Certified Services Provider), a UK based certified PCI-DSS data center. The data center has 24x7 security and only authorized employees have access to the data halls. Security engineers from Obrela Security Industries provide 24 hour surveillance of the hosting facilities and of external threats from the internet. All necessary security patches are applied to prevent potential threats. All systems have followed a rigorous process of hardening in accordance with the requirements of the PCI-DSS.
From the beginning to the conclusion of your on-line session, all information and personal data is encrypted using 128-bit Secure Socket Layer (SSL) encryption. Encryption is basically a way of encoding information until it reaches the specified recipient, who will be able to decode it using the appropriate key. Every time you make a payment with Viva Payments, all communication between your computer and Viva Payments' systems is encrypted using the 128 bit EV key from Thawte (the most recognized company in issuing cryptographic keys for banking services). This means that each time you send information to the system, your browser encrypts the key using the first 128 bits and then transmits the encrypted data to the system. The Viva Payments system first decrypts the information obtained using the same key (assigned as soon as the connection is initiated with the service) and processes it. The Viva Payments systems transmit data using the same encryption process.
Viva Payment Services is a payment institution licensed by the Bank of Greece. The same basic principles that apply to traditional banking also apply to Viva Payments. All information supplied by the card holder to Viva is confidential.
Regarding the PCI-DSS certification, Viva Payments has taken all necessary steps deemed necessary in the context of the services provided.
To ensure data privacy is respected, personal data is stored on a secure "central server". Adhering to N.2472/1997 "on the Protection of Individuals with regard to the Processing of Personal Data"
Respecting personal data, keep your personal information in a secure central server "central server". Viva Payments has the right to maintain a secure record of personal data from employees, partners, customers and suppliers, which may be transmitted in Greece and abroad, provided that the database and data transmission are in accordance with the business purposes of Viva Payments and the Law as stated in N.2472/1997 "on the Protection of Individuals with regard to the Processing of Personal Data".