Rest assured, your business is in safe hands
NMI goes above and beyond to make sure our payment gateway systems are secure. Get the confidence of knowing that you, your merchants and their customers can transact safely.
PCI DSS Level 1 compliance
NMI has continuously maintained PCI DSS Level 1 certification since 2005, and was one of the first non-bank organizations in the world to hold cross-region compliance. We’re audited annually by independent security assessors to ensure we’re adhering to the industry’s highest level of certification and PCI standards. NMI is listed on Visa’s Global Registry of Service Providers and Mastercard’s Compliant Service Provider List.
Disaster recovery
NMI is built to withstand local and global events. We have a number of data centers in North America, the UK and Europe. Our infrastructure is carefully designed to avoid single points of failure, allowing for continuous service and unrivaled survivability. We only use service providers that maintain at least two physical fiber entry points into our data centers, plus diverse and multiple paths into their own core networks.
Uptime
We’re committed to providing the highest availability so you don’t have to deal with unhappy customers. That means we don’t just troubleshoot errors when they happen: we aim to detect and resolve issues before they impact transaction processing. We check availability from points all over the world every five minutes or less, and our entire infrastructure is monitored around the clock to alert our engineers of potential trouble.
Penetration testing
We’re constantly testing our systems to ensure they’re secure. We perform rigorous automated vulnerability scans several times a month on both our internet-facing and internal infrastructure. A team of on-staff experts and independent third parties also perform intensive penetration testing every six months.
Secured access
The NMI network has been built with minimal access to outside networks and the internet. Internally, we use a series of highly segmented networks so only specific servers can communicate with each other. Access between network segments is highly restricted by robust firewall rules.
Vulnerability Management
All internet-facing and internal infrastructure is updated as soon as security patches are made available by the vendor.
Distributed Denial of Service mitigation
We use a leading third-party DDoS mitigator that quickly scrubs malicious internet traffic when needed.
NMI uses our rigorous cardholder data security measures to comply with the European General Data Protection Regulations (GDPR), maintaining the integrity and confidentiality of all personally identifiable data. We regularly check that in-scope data is current and that the controls to protect it are working.
Download our AoC documents
Attestation of Compliance (TransactionIntel) Last Updated: February 28, 2024
downloadAttestation of Compliance (Omni)
Last Updated March 15, 2024
Attestation of Compliance (Cardease/ChipDNA)
Last Updated: March 28th 2024
Attestation of Compliance (USAePay)
Last Updated: March 29th 2024
Attestation of Compliance (Iris CRM)
Last Updated January 2023