Security

Application Security

  • All payment information is double encrypted as it is entered on the device and is never fully decrypted until it enters the payment gateway for processing by one of ROAM's payment platform partners.
  • By default, no sensitive data such as card numbers, magnetic stripe information or security codes is stored on your mobile device.
  • Lost or stolen devices can be remotely disabled from accessing any ROAM applications.
  • ROAMpay Applications are developed in-house and are PCI DSS Level 1 certified.

Network Security

  • ROAM Data has a PCI certified payment gateway that complies with the highest security standards of the credit card industry.
  • The default mechanism for transport-level security is Payment Industry standard DES3 with 196-bit length (168-bit key strength).
  • No anonymous authentication is permitted between ROAM applications and the ROAM Gateway.
  • Messages are sequenced and hashed (using the SHA-256 algorithm) to protect against tampering in man-in-the-middle attacks between ROAM applications and the ROAM Gateway.
  • Two application-layer security mechanisms - one at the enterprise and one at ROAM - allow either agency to deny any user access to any ROAM application or to any portion of any application whenever deemed necessary.

Operational Security

  • ROAM Data maintains rigorous operational procedures from development to deployment to comply with PCI DSS Certification.
  • Secure backups are stored off site.
  • Physical security at the data center where the ROAM Payment Server is located is fully PCI DSS compliant, including security camera monitoring, access control, criminal background checks on all personnel requesting access, etc.