Security & Compliance
Security and compliance at the core.
Coshine operates with a security-first approach and aligns its processing environment with recognized payment security and information security standards.
Six control domains over a baseline of internationally recognized payment security standards.
Programs and certifications
PCI DSS
Payment Card Industry Data Security Standard — Level 1 service provider scope.
PCI 3DS
3-D Secure Core Security Standard for ACS and 3DS Server operation.
PCI PIN
PIN Security Standard for processing environments handling PIN data.
ISO/IEC 27001
Certified Information Security Management System covering payment processing operations.
MLPS Level 3
China Multi-Level Protection Scheme Level 3 — for environments operating in mainland China.
Independent audit
Annual third-party assessments and scheme-aligned compliance reviews.
Security controls
- Network segmentation between cardholder data environment and corporate network
- Encryption in transit (TLS 1.2+) and at rest (AES-256) for cardholder data
- Hardware Security Module (HSM) backed key management with documented rotation
- Role-based access control with multi-factor authentication for privileged paths
- Centralized audit logging, log retention and tamper-evident archiving
- 24×7 monitoring and incident response with a defined SLA
- Vulnerability management and regular penetration testing
- Vendor security review and sub-processor management
A note on scope
Specific certifications and accreditations apply to the entities, environments and services described in the underlying assessment reports. Coshine does not claim certifications it has not undergone, and does not represent that any product meets every requirement of every regulator globally. For project-specific compliance scope, refer to your service agreement.