Token Security Guide

PCI Compliance and Payment Handling
  • All online payment processing is done via scoped secure iFrames, so card data never touches our servers.
  • Passes internal and external application and network penetration testing performed by Skoda Minotti.
  • Scanned weekly by an Approved Scanning Vendor (ASV), Tenable.io.
  • PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
  • Credit card data is never stored by Token.
  • Token provides organisers with the ability to opt into using EMV with point-to-point encryption (P2PE) for payment processing.
Privacy
  • We do not sell personal information of our customers to third parties.
  • We have full-time staff focused on privacy and security issues.
  • Token processes user personal data in accordance with GDPR’s data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.
  • You can find our privacy policy at: https://www.gettoken.com/privacy.
Hosting Environment
  • Token uses carrier-grade data centers that meet the following certifications:
    • PCI-DSS Level 1 Service Provider
    • SOC 1 Type II and SOC 2 Type II
    • ISO 27001
Encryption
  • All web traffic is encrypted by TLS 1.2 or greater.
  • Token follows NIST recommendations for hashing, symmetric and asymmetric encryption.
Staff Security Training
  • All staff regularly receive security training by trained professionals and must pass security quizzes testing their security awareness.
  • All staff regularly receive simulated phishing tests.
  • All staff must sign off on security and acceptable use policies and procedures.
Responsible Disclosure
  • If you discover a vulnerability, Token requests that you responsibly disclose the vulnerability to our security team by taking the following steps:
    • Do not attempt to exploit the vulnerability.
    • Email our Security Incident Response Team at [email protected]
    • If the contents of the vulnerability are sensitive in nature, please use our PGP key, below.