Security: How does CentralPay protect your sensitive data with its sister company Cyrès Datacenter?

As the holiday season approaches, e-commerce sites experience a large number of simultaneous connections. Every year, this rush of visitors affects the payment processes of some online sites (slowdown of the loading speed, unavailability, degradation of the customer experience…), having very costly consequences for e-retailers.

In order to fight against these inconveniences, it is essential for a payment provider to benefit from web hosting and processing of its customers’ banking data inside a high security datacenter. In this article, you will learn how CentralPay protects your sensitive payment data with its sister company Cyrès Datacenter.

On a technical level, the objective of a “data center” is to provide IT services in a controlled environment (air conditioning, dust, power supply, etc.) and secure environment (anti-fire, anti-theft and anti-intrusion systems, etc.), with a corrugated and backed-up power supply. Thanks to its huge storage capacity, this concentrate of technologies allows to ensure web hosting, data security, management (notably the execution of calculations and cooling) and maintenance of the equipments and the stored datas.

In order to guarantee a constant quality of service to its customers, a datacenter operates 24 hours a day without interruption. For this reason, many parameters specific to the infrastructure come into play for optimal activity: heat and cooling management, air quality, humidity levels…

However, not all data centers are equal, both in terms of control environment and security. Therefore, many labels and certifications exist to validate the performance, high availability and security of each infrastructure:

• ISO27001: Information security
• PCI-DSS: Security standard for bank data processing
• HDS: Hosting of personal health data
• Code of Conduct for Datacenter

For a payment service provider, this infrastructure allows to meet business needs with strong banking constraints, where Big Data environments can offer many possibilities on the data. Indeed, these hosting companies guarantee the security, durability and confidentiality of the data entrusted to them.

A datacenter therefore implements numerous security measures to protect networks from computer attacks and data breaches (anti-DDoS, firewalls, security patches, anti-virus, load balancer, reverse proxy…). This reinforced data security is essential, especially for the protection of sensitive data related to payment. In addition, the data is backed up several times in different locations, either locally or externally in a remote data repository. This backup guarantees a quick recourse to the data in case of loss or accidental deletion.

In recent years, IT (Information Technology) outsourcing has gained ground in the strategies of many companies. The acronym IT refers to the multiple networks, software, equipment and also the business and data management systems of a company. Since 2020, the health crisis has highlighted the advantages of an outsourced, autonomous Information System (IS), able to ensure business continuity in all circumstances, remotely.

IT outsourcing is therefore a challenge for companies working with sensitive data (banking, health, messaging, etc.), which require significant protection. Indeed, for a payment service provider, the centralization of these data allows it to control all of its IT and technical environments in accordance with its payment data security issues.

Ensuring the storage and security of sensitive data, subject to PCI-DSS constraints, is a major challenge for every professional payment company. Thus, for CentralPay, benefiting from web hosting in the datacenter of its sister company is a real asset in terms of security.

Since its creation, CentralPay has been working closely with Cyrès, its twin entity, a specialist in Cloud and security. From its ISO 27001 & HDS tier III datacenter, Cyrès is in charge of web hosting, data security and payment fraud detection. This highly secure environment allows CentralPay to deliver a contractual SLA of 99.9% with an RPO (maximum data loss) of maximum 60 seconds and an RTO (recovery time) of maximum 15 minutes.

The Cyrès high-tech datacenter is ISO 27001 certified, which is the international reference standard. It allows an optimal management of the risks linked to information security, through rules of monitoring, revision, maintenance and improvement of the management of the security of information systems. In addition, the datacenter is certified as a Health Data Host (HDS).

In terms of telecommunications, Internet access to the Cyrès datacenter is provided by multiple operators in order to provide an optimal guarantee of availability. The datacenter also benefits from the France-IX peering point, which significantly reduces latency towards major international IT players. These features are essential to guarantee high availability and low latency of transaction processing.

Located in Tours, a few kilometers from CentralPay’s offices, the Cyrès datacenter offers the guarantee of local storage of your banking data. The building has a capacity of 110 computer server bays and an electrical density of up to 32A per bay. With a strict visitor access control protocol (up to 6 access controls, including strong authentication), a video surveillance system for the entire 700m² and a compulsory certified attendant, data security is guaranteed.

Thus, in addition to the tokenization process managed internally, CentralPay benefits from an internal datacenter, allowing it to ensure data security and the proper functioning of your payment pages, even during periods of high visitor traffic on your e-commerce site.

As a payment service provider, CentralPay, accompanies you in the digitization or optimization and security of your payment processes, to help you imagine tomorrow’s purchasing path.