Certifications & licensing

Ensuring the availability, integrity and confidentiality of our infrastructure is one of our top priorities.

Preventing security incidents, reducing the potential impact

Providing an online infrastructure for payments comes with great responsibility. Processing data is an important aspect for this infrastructure. Therefore, ensuring the availability, integrity and confidentiality of our infrastructure is one of our top priorities.

IT Security

Our goal is to be as flexible and fast as possible in terms of delivering services to our -customers, while maintaining the highest standards in security and compliance (Jan Saan, CTO)

The goal of CM.com's Information Security is to protect your informational assets against all internal, external, deliberate or accidental threats. We aim to preserve confidentiality, integrity and availability of your data. This means that your data only should be accessed by those with the rights to view it, the data can be relied upon to be accurate and processed correctly and finally, that data can be accessed when needed.

noc cm.com

In order to ensure security, CM.com takes several measures

settings Created with Sketch.

In control

CM.com has support personnel on-site 24/7. Our analysts are continuously monitoring security, performance and connections to suppliers and customers from our Network Operations Centre (NOC).

time-open Created with Sketch.

Active, not reactive

CM.com actively follows relevant changes in legal and compliance requirements, with extensive focus on, for instance, GDPR regulations. More about this can be read below.

group Created with Sketch.

Team effort

IT security is a high priority within CM.com. Clear security guidelines are available and all employees are briefed on their responsibilities to continuously contribute to this.

verification Created with Sketch.

Validate and improve

CM.com validates the results of monitoring the data to improve our infrastructure, coding practices, overall security & compliance and the effectivity of our monitoring processes.

General Data Protection Regulation

On May 25th 2018, the General Data Protection Regulation (GDPR) will come into effect, replacing current privacy regulations. By then, all companies handling personal data will need to adhere to the regulation and be able to demonstrate their compliance to the GDPR.

As a responsible processor and a responsible controller, CM.com has embraced the principles that lie at the base of the GDPR. Moreover, we regularly revisit them to assure our compliance. We have all necessary tools in place to conform to the principle of accountability. Some examples are: a data controller register, data processor registers, and our specific Data Privacy Impact Assessment (DPIA). We follow data privacy principles in the development of all our services.

In addition, we have set up a GDPR compliance roadmap and took corrective actions where necessary. We updated our terms and conditions in April 2018 to comply with the upcoming GDPR and the processing of personal information by CM.com. In updating our terms and conditions, CM.com ensures that we provide you with a service that is compliant, and takes into account the latest regulations,techniques and functionalities in payments.

Online payment processing system

Your customers’ transactions are safe with CM Payments. We, as collecting payment service provider based in the Netherlands, comply with all safety rules and technologies for a secure online payment system. These rules were established by European financial institutions and De Nederlandsche Bank.

Acceptant Payment Service Provider

An APSP (Certified Merchant Payment Service Provider) is an intermediary who mediates between merchants and acquirers with processing debit card payments. Merchants are businessmen and organisations who accept debit card payments (receive). Acquirers are parties that approve and process debit card transactions, such as some banks and transaction processors.

CM.com is a Certified Merchant Payment Service Provider (APSP) and has full authorisation to process debit and credit card payments.

Collecting Payment Service Provider

CPSP stands for Collecting Payment Service Provider. The certification means that the Payment Service Provider was approved by the Betaalvereniging (Dutch Payments Association) and also has an agreement with the Acquiring Bank for accepting iDEAL which is licensed by the Betaalvereniging (Dutch Payments Association).

We are in possession of following licenses:

• VBIN - Verenigde Betaalinstellingen Nederland (United Payment Institutions of the Netherlands)

• Visa Europe

• Mastercard

• Betaalvereniging Nederland (Dutch Payment Association)

• Thuiswinkel Waarborg (Dutch home shopping guarantee organisation)

• Payment Service Directive (PSD)

• PCI DSS Compliancy (Payment Card Industry Standard)

payment provider certifications

About CM Payments

More than a Payment Service Provider

duplicate Created with Sketch.

Payments, identification & communication

As part of CM.com, CM Payments combines the latest in payments solutions with the technical expertise of the CM Platform.

language Created with Sketch.

Active in the European market

CM Payments is an internationally operating provider of payment services, with customers such as Albert Heijn, the Dutch government and ParkMobile.

time-open Created with Sketch.

24/7/365 Monitoring and support

In order to receive payments, it is important that the system is online and functional. That's why we offer 24/7 monitoring and support from our Network Operations Center.

Contact us for more info