Security Compliance

iToll meets the following requirements:
1. Payment Card Industry (PCI) and Data Security Standard (DSS)
2. Payment Application Data Security Standard (PA-DSS)
3. PADSS and PCI DSS requirements and validation.
4. Security of authentication/authorization.

5. Hardening of the mobile application.
6. Protection of sensitive data during processing, storage and transmission (end-to-end security).
7. Clear documents stating which requirements are met as stated per applicable PADSS & PCI-DSS.
8. We will also demonstrate iToll meets security and compliance requirements.
9. We will also demonstrate how the effectiveness and accuracy of the controls used is verified.
10. We will also demonstrate how we ensure security and PCI compliance are maintained after updates/bug fixes
11. We will facilitate forensic examinations of the application to ensure that none of sensitive data is written to disk, or stored on a temporary basis
12. Application will not be able to be installed or establish connectivity from a “jailborken” mobile device.
13. There is zero sensitive authentication data written to logs.
14. Ensure uniform protection (regardless of the link type) through SSL tunnel to wrap all of the traffic to and from the payment application.
15. iToll cannot establish connectivity using un-trusted SSL certificates.
16. iDigg will provide methodology to ensure compliance and supporting documents to aid PCI audit.
17. iDiggApp maintains the highest level of end-to-end security.
18. iDiggApp provides remote updates, troubleshooting and maintenance.
19. Sensitive authentication data is never stored after authorization.
20. iDiggApp shall provide support to meet ongoing PCIDSS and PADSS compliance requirements.
21. iToll adheres to all card brand security and compliance mandates.
22. iDiggApp provides integration of advanced authentication methods (ex: risk based adaptive authentication, hardware signature, multi-factor authentication)
23. iDiggApp continuously test application to address vulnerabilities.
24. iDiggApp shall conducts regular mobile application code review, penetration testing and remediation of vulnerabilities.
25. iDiggApp conducts forensic analysis of mobile devices (IOS & Android).
26. iDiggApp shall performs “gap” analysis between how the application subject to functions compared to PADSS & PCIDSS compliance requirements.
27. iDiggApp has strict methodologies in place to protect against OWASP top 10 vulnerabilities.