Security

Last updated: March 1, 2026

Our Commitment

Security is foundational to everything we build at Core Issuance. As a card issuing platform handling sensitive financial data, we maintain the highest standards of security across our infrastructure, processes, and team.

Infrastructure Security

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Dedicated, isolated environments for each client's card programs
  • Network segmentation with strict firewall rules and intrusion detection
  • Multi-region deployment with automated failover
  • Infrastructure-as-code with immutable deployments
  • 99.99% uptime SLA backed by redundant systems

Application Security

  • Regular penetration testing by independent security firms
  • Automated vulnerability scanning across all codebases
  • Secure software development lifecycle (SSDLC) with mandatory code review
  • Dependency monitoring and automated patching
  • Rate limiting and DDoS protection on all API endpoints
  • Comprehensive audit logging for all system access and data operations

Access Controls

  • Role-based access control (RBAC) with principle of least privilege
  • Multi-factor authentication required for all internal systems
  • API keys scoped per environment (test/live) with granular permissions
  • Hardware security modules (HSMs) for cryptographic key management
  • Privileged access management with session recording

Data Protection

  • PAN data tokenized and stored in isolated, PCI-compliant vaults
  • Sensitive data masked in logs, dashboards, and API responses
  • Automated data classification and handling policies
  • Secure data deletion procedures when retention periods expire

Incident Response

We maintain a documented incident response plan with defined escalation procedures. Our security team monitors systems 24/7 and is prepared to respond to security events promptly. In the event of a data breach, affected customers will be notified within 72 hours as required by applicable regulations.

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please contact us at security@coreissuance.com. We commit to acknowledging reports within 24 hours and working with researchers to address findings.