[Someone]

New and shining can have disadvantages, too. Was your code audited for security?

[arfrank]

Yes, many times over, but always looking for holes, and actually that infrastructure is separate from the pieces that are exposed to public web.

Traditionally, we do it this way too, these piece of the payments ecosystem are all whitelisted IPs for access and MPLC circuits for connections.

[fragmede]

As a credit card issuer, Getfinal's been audited for PCI-DSS compliance.

https://getfinal.com/security/