Cybersecurity

Information Security: our priority

Nexi cares about the security of its customers, always: Nexi has been deploying cutting-edge technologies in the last few years to ensure the highest level of security and trust in all digital interactions.

Nexi’s technologies, processes and practices are continuously improved to ensure the highest security market standard to every transaction managed: the Group’s approach embraces all security aspects starting from strong governance and clear processes seamlessly integrating advanced protection and detection technologies with the human factor.

Nexi plans and delivers targeted training to all its employees, because people are a key component of its security system: the percentage of employees who regularly attend cybersecurity training is consistently as high as 99%.

Information Security: our approach

As a top corporate priority, Information Security has been the subject of substantial investment at Nexi in recent years. Nexi has constantly improved the security standards of all its applications and services by adopting cutting-edge resilient-by-design and privacy-by-design approaches.

Investments have bolstered Nexi’s security mechanisms at both the organizational and technical levels. All our systems are developed according to a few principles that ensure the highest level of security and trust:

  • Confidentiality, implying that information can only be accessed by expressly authorized parties (according to the least privilege and need-to-know principles);
  • Integrity, implying that information can only be modified by expressly authorized parties, such that the completeness, accuracy and compliance of information are ensured during acquisition, storage, processing and presentation;
  • Availability, implying that information is expected to be available according to business and compliance requirements, by designing, implementing and testing resilient systems.


Information Security: our certification

Nexi has set up an information security management system (ISMS) designed in line with ISO standards and best practices within the payments sector.

Nexi Group’s ISMS, covering Nexi Payments, Help Line and Mercury Payment Services activities, also reflects Bank of Italy rules, domestic privacy regulations and laws applicable to the sector, such as mandatory Payment Card Industry Data Security Standard certification, better known as PCI DSS compliance.

Confirming this outstanding and enduring effort, in 2019 Nexi Group obtained seven important certifications for security and operations continuity. Specifically:

  • PCI compliance: Nexi Payments, Help Line and Mercury Payment Services are all PCI DSS‑certified, ensuring payment card data is handled according to Payment Card Industry data security standards. In addition to the general PCI DSS standard, Nexi Payments and Mercury Payment Services have secured PCI PIN certification, for PIN data management, and PCI 3DS certification. Mercury Payment Services, for its part, has also secured Card Production Physical Security and Card Production Logical Security (PCI CPP and PCI CPL) certifications.
  • ISO 27001: Nexi Payments has achieved ISO 27001 (Information Security Management) certification.
  • ISO 22301: Nexi Payments has also obtained ISO 22301 (Security and resilience – Business Continuity Management Systems) certification.