Security Is Our First Priority.

Cutting-edge technology with world-class security practices - Rebillia meets and exceeds all security and data protection requirements.

Rebillia Keeps You & Your Customers Secure

Real-Time Authentication

Every action undergoes several live authentication processes as it is made.

Data Encryption

Sensitive data goes through encryption and tokenization processes for maximum security.

Secure Online Channels

For extra security measures, data is splitted and saved in different safe locations.

What Is PCI-DSS?

Payment Card Industry Data Security Standards, or in short PCI-DSS, is a body (Council) of security standards that was formed by several major card vendors such as American Express, Discover, JCB, MasterCard and Visa. The PCI-DSS consist of 12 main requirements which businesses may measure their own payment card security policies, procedures and guidelines. PCI Compliance comes in 4 different variations, known as “levels”. Each level has its limitations and attention to requirements.

PCI Compliance Levels 2,3,4 (will mostly be marketed by the company as “Full PCI Compliance”) require an annual Self-Assessment Questionnaire (“SAQ”) and Quarterly network scans. As these levels are all about “check yourself and be honest about it” – they don’t hold any PCI-DSS certificate and are very limited in terms of how many transactions and how much money the are allowed to process.

PCI Compliance Level 1 is the ONLY security level in this category that is thoroughly checked and tested by a Qualified Security Assessor (“QSA”), certificated by the PCI-DSS council themselves. This level of compliance will also offer a certificate known as Attestation of Compliance (“AOC”) that proves the company has been accepted by the PCI-DSS council and works under the council’s regulations all-year-long. As there is no higher level of PCI-Compliance, even major names in the market (for examples: Bank of America and Chase Bank) go through this process every year.

Tip: In order to know you are dealing with a secure, certificated, company – ask them to provide their AOC.

Your Security Is Our Number 1 Priority

Rebillia Platform is a PCI-DSS level 1 service provider

Don’t let information sensitivity hold your store back! With real-time multi authentications, layered data encryptions and managing information through divided secure channels, Rebillia Platform is a PCI-DSS level 1 compliant service that not only complies to regulations, but sets new bars in online card holder data security.

AOC and Responsibility Agreement available upon request.

What Is GDPR?

The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the 1995 Data Protection Directive. The GDPR enhances EU individual’s privacy rights and places significantly enhanced obligations on organizations handling data. Rebillia Platform is committed to making GDPR a success.

The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. The concept of “personal data” is broadly defined and covers any information relating to an identified or identifiable individual.

The GDPR identifies two entities that may possess personal data. A data controller which decides which data to collect by controling the processing stage of the information. A data processor which is the one that acts according to the data controller to collect, store, retrieve and/or delete personal data.

Rebillia is mainly a data processor, storing/retrieving/charging credit card information or sending emails to customers, where the merchant’s store is the data collector. But when using Rebillia’s “Recurring Orders” product – Rebillia also takes part as a data controller, when it needs to be able to understand what information is a subscription – and “tell itself” (the controller tells the processor) what to do with the information.

Your Customers Are Our Success

Rebillia Platform supports individual rights

Since the founding of the company, Rebillia has always been all about allowing the end-user individual control their information with full visibility, clarity and ease. We keep developing and serving our customers, and theirs, with the same promise.

How Are The Security Standard Being Enforced?

After receiving initial compliance certification, becoming PCI compliant, the PCI-DSS council, and its certified providers, requires every company to complete compliance efforts and acceptance on a periodic basis while maintaining security checks 24/7.

Not only that our certification is periodically renewed by the best PCI auditors in the business (Security Metrics), but by using our PCI compliant services, we actively help our clients exceed their security requirements.

Secure Implementation Guide

Listed below are tips for every merchant to use in order to keep your end of the security at the best it can be

Install and maintain a firewall configuration to protect your internal data.
Use and regularly update an anti-virus software.
Track and monitor all access to sensitive information in your network.
Restrict physical and cyber access to sensitive data in your workplace.
Regularly test your security systems and processes.
Check all external services for PCI compliance documentation.
Assign a unique ID to each person with access to your network.
Do not use pre-supplied default passwords for your accounts’ security.
Our best recommendation – Research companies that provide office network security hardware and software to help you keep your office security up to date. We, at Rebillia, chose Meraki, a Cisco product.

Security FAQs

Must a company be PCI compliant when using a third-party PCI compiant service?
Yes. Altough it is proven that using a PCI compliant third-party service will cut down on the exposure risk, it does not exclude a company from PCI compliance.
Is taking credit card information over the phone PCI compliant?
It could be. Because there is a human factor to it, the way  to be PCI compliant “over the phone” is by passing your personnel through background checks and security awareness trainings. Keep in mind that while processing live credit card information over the phone, the computer/working station and its security content are another major factor for PCI compliance.

Rebillia eliminates the need for extra personnel screening processes by allowing to use a saved credit card also for over the phone purchases without even decrypting or detokenizing the information.

How does Rebillia maintain GDPR compliance?

All information processed, stored or transfered through Rebillia is fully secured, encryped and personal information is only available to authorized viewers (user, and sometimes merchant).

I want to store credit card data. Why use a third-party service?
By self storing credit card data you are taking the risk and responsibility for the data and you will be required to have a QSA (Qualified Security Assessor) come onsite and perform an audit to ensure that you have all of the controls in place necessary to meet the PCI-DSS specifications.

Using Rebillia Platform as a third party, you remove the risks of independently storing card data and give the responsibility to a compamy that specializes in securely dealing with exactly that! And continuously meets and exceeds all of the PCI-DSS requirements.

How does Rebillia handle information removal requests?

Rebillia has automatic processes set up to remove any information marked for deletion. Information will be marked for deletion upon one of the following:

1. A deletion request has been manually made. (Like a customer unsubscribing themselves).

2. An individual removes their own account. By doing that, Rebillia will also remove all information it has on the removed account.

3. Closing a Rebillia account. Rebillia has a system implemented to delete all information related to a specific closed Rebillia account.

Team up with Rebillia