Securing Your Data.

We prioritize keeping sensitive information secure and protected. So you can rest easy and focus on running your business.

Securing Your Data
curve decoration

Helcim is committed to helping our merchants stay secure and compliant.

We undergo rigorous audits, testing, and inspections to maintain the highest level of compliance in the industry. Our talented team of in-house developers, systems engineers, and security administrators work to maintain strict security standards at all times.

curve decoration

Network Setup.

Helcim's systems and security team take a proactive approach to protect all data that is housed on and moves through our servers. Our firewalls and servers have both Intrusion Detection (IDS) and Intrusion Prevention Systems (IPS) to evaluate incoming traffic and protect against harmful actions.

Our systems and security team perform regular updates to all company systems and can respond quickly to any major vulnerability by applying patches. The company's servers are also hardened using recommended guidelines to increase system security.

Firewall Icon

Firewalls and IDS / IPS

Helcim's security system includes firewalls with both an Intrusion Detection System and an Intrusion Prevention System to protect against both active and passive threats. The systems monitor network traffic and look for any unusual behavior, abnormal traffic, or malicious coding and prevent exploitation of any potential vulnerabilities.

In addition to inclusion on Helcim's firewalls, all servers in our environment are also required to have IDS and IPS installed locally to detect and warn system administrators of unusual activity and to inspect attack data if it occurs. If suspicious activity is identified, the IPS will take the corresponding action required to protect the servers. Alerts are also sent to Helcim's security team for ongoing monitoring and review.

System Updates Icon

System Updates

The servers and networks appliances are regularly updated to ensure all software is up to date. If a major vulnerability is discovered, patches are applied immediately by Helcim's system and security team. Per our compliance, all updates are logged as part of our change-control policies.

curve decoration

Data Management.

By trusting Helcim with sensitive data storage, our merchants are able to shift large portions of their data security and compliance scopes away from their business. This is accomplished using a variety of available tools, including our Card Vault, Helcim.js, hosted payment pages and developer API functionality.

Thousands of merchants trust Helcim to secure the payment and personal information of their customers, removing their own systems from scope. Helcim protects this data by keeping it separate from web servers.

24/7 Icon

Daily Backups

Databases are automatically backed up daily to protect merchants against lost, corrupted, stolen or destroyed data. Backups are performed between data centers, as well as offsite. This is part of our commitment to ensuring ongoing business continuity.

Forder Icon

Data Storage

Transaction, cardholder and merchant data is stored on segregated pools of self-replicating database clusters. Our database server architecture ensures uptime and load balancing of database servers. Sensitive cardholder data is stored for up to 24 months of inactivity. Data between merchants is logically separated and inaccessible. All merchant data access by authorized Helcim staff is logged.

Data from customers and merchants is stored separately from the Helcim web servers. Keeping the databases separate from the web servers provides an additional layer of security and is a practice required as part of our PCI-DSS compliance requirements.

Authentication & Access Controls.

To protect access to Helcim's data and systems, our company implements strong access controls.

This includes the requirement for VPN to all internal systems, controlled definitions of user roles, and the requirement of multi-factor authentication. Local and centralized logging ensures that an audit trail of all network access and activity is available.

Internal office networks are kept separate from Helcim platform environments, and do not feature any wireless accessibility. Internal systems are also only accessible by employees who are locally and physically connected to the network. Virtual Private Networks (VPNs) provide secure remote access to a limited number of systems, while protecting company data and servers.

  • Multi-Factor Authentication

    Helcim requires all staff to use multi-factor authentication when accessing Helcim systems. Multi-factor authentication is also made available to our merchants based on their compliance and internal requirements.

  • Password Protection

    Helcim uses a strict password standard to ensure security. Software settings controlled by Helcim ensure that passwords are always complex in nature, changed regularly, hashed and salted, and that users cannot re-use their previous 13 passwords.

  • Deny-All Policies

    Firewalls deployed to our server environments have deny-all policies enabled by default. All connections for inbound and outbound traffic must be approved and added as new firewall rules.

  • Physical Access

    We only utilize cloud-data center providers with 24/7 onsite security, including physical access controls limited to key personnel utilizing multi-factor authentication, including biometrics.

  • Helcim requires all staff to use multi-factor authentication when accessing Helcim systems. Multi-factor authentication is also made available to our merchants based on their compliance and internal requirements.

  • Helcim uses a strict password standard to ensure security. Software settings controlled by Helcim ensure that passwords are always complex in nature, changed regularly, hashed and salted, and that users cannot re-use their previous 13 passwords.

  • Firewalls deployed to our server environments have deny-all policies enabled by default. All connections for inbound and outbound traffic must be approved and added as new firewall rules.

  • Data centers have 24/7 onsite security. Physical access to environments is limited to key personnel, with multi-factor authentication, including biometrics.

Encryption.

Helcim encrypts all sensitive merchant data and cardholder data using the Advanced Encryption Standard (AES) with 256-bit keys. To meet PCI compliance requirements, all sensitive cardholder fields, including name, card numbers, expiry dates, and cardholder addresses (for AVS) are encrypted when stored. Helcim does not store card-verification-values (CVV), PIN, EMV, nor mag data.

Information in Transit

To protect data in transit, Helcim requires TLS version 1.2 connections to its servers, using a limited set of strong cyphers. This ensures that data is encrypted in transit and maintains its integrity. Outdated standards include SSLv3, TLSv1.0, TLSv1.1 are no longer active on our systems.

Compliance.

Helcim is a Level 1 PCI-DSS compliant service provider, which means we undergo rigorous on-site audits, vulnerability scanning, penetration testing, and inspections to maintain the highest level of compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Security practices from the National Institute of Standards and Technology (NIST) are also followed to maintain the highest level of data security compliance.

Service Uptime.

Helcim devotes significant resources to ensure the most uptime possible for our networks and merchants. These safeguards include redundant virtual environments across cloud-based data centers, using service providers that utilize best industry practices including backup power generation and dual-path power distribution systems. Our infrastructure is also designed to support the rapid scaling of compute resources to manage loads during peak demand and ensure fast and stable service delivery to our merchants.

curve decoration

SaaS Development.

Helcim employs a talented team of in-house programmers who develop all our systems and applications. Building applications in-house ensures that they are built to Helcim's strict security standards and allows our team to work closely with QAs and security staff to identify and correct any potential issues before they become a problem.

Firewall Icon

Secure Coding Practices

All applications are developed in-house, and Helcim developers are trained and regularly updated on the latest secure coding guidelines, including those set by the Open Web Application Security Project (OWASP). Internal development allows our company to maintain tight controls over coding standards, source codes, and deployment cycles.

Clipboard Check Icon

Penetration Testing

Helcim completes regular penetration testing to attempt to identify potential network, systems and application vulnerabilities and determine whether unauthorized access or other malicious activity is possible. Penetration testing is performed both internally by the Helcim security team, and by third party professionals. Vulnerabilities are addressed immediately by both our systems and our development teams.

Scan Icon

Vulnerability Scanning

Regular vulnerability scanning of Helcim's networks and applications identifies potential security concerns. Per compliance requirements, Helcim performs both internal and external network scans, with external scans performed by Approved Scanning Vendors (ASV).

FAQ.

Transparency, low rates, smart tools and amazing service! Many merchants have been dragged through the mud by their prior processor, with hidden fees, contracts, and terrible service. We've built our reputation on being the opposite. We care about building long-term relationships with our merchants - which means offering you the payment service you've been looking for.

Have more questions? Email or give us a call. Our in-house support team is here to share their knowledge, answer your questions and point you in the right direction. No commissions, no pressure.

If your business is looking for a better way to accept credit and debit cards online or in-person, then Helcim is the payments company for you. Helcim offers a wide range of payment tools and software solutions to make it faster and easier for you to get paid.

No! We want to help small businesses grow and thrive, so there are no monthly fees. Your Helcim account allows you to process both in-person and online payments with great low processing rates. You also get full access to all of our merchant tools and benefit from our amazing customer service team.

For Visa, Mastercard, Amex and other card-brands, we offer Interchange Plus pricing to give you complete transparency and greater savings. By passing the base cost directly to you and only charging for a single markup, Interchange Plus pricing gives you significant savings. By knowing our cost as well as our markup, we promote a fully transparent partnership which means no surprises on your monthly statement!

To calculate your rates for in-person and online transactions, you can visit our pricing page.

Yes! And there is no need to call and renegotiate rates. Our Interchange Plus margin automatically decreases the more you process, helping you save even more.

You can view our complete volume discounts on our pricing page.

No! You can close your account anytime without any penalty and there are no hidden fees. You never again have to worry about setup fees, termination fees, quarterly fees, PCI & non-compliance fees, customer service fees, or bank deposit fees.

Deposits will appear in your bank account within 2 business days, depending on the time of day that your transactions are settled. Transactions processed over the weekend or bank holidays are initialized for deposit on the following business day. Your daily transactions are batched together, and deposited to your bank account net of processing fees.

The Helcim Shop is built right into your account dashboard, and is accessible immediately after signing up. You can order card readers, stands, printers and more directly from there.

Shipping is free and takes 2-3 business days via FedEx or UPS ground. Any equipment purchases are charged to your bank account on file. We do not currently offer rentals nor payment plans.

No! You can use your existing bank account, provided by your financial institution or credit union. Sole proprietors can use a personal bank account. Incorporated business and partnerships are required to use a business bank account.

Law firms and other businesses that require separate trust and operating bank accounts are able to customize the flow of deposits and fees to meet their needs.

You can sign up directly on our website using your computer or mobile phone. There is no need for complicated paperwork nor signatures. The signup form takes as little as 5-minutes, asking you to enter basic information about your business, address and contact information.

Once you create your Helcim account, you can begin using it right away! Get started here.

You Deserve Better Payments.

Lower Rates. Better Tools. Amazing Service.

  • Easily Sign Up in Minutes
  • No Hidden Fees or PCI fees
  • Interchange Plus Pricing
  • No Contracts or Commitments
  • Deposits in 1-2 Business Days
  • Friendly Service via Telephone or Email

Service with a :)

We're always willing to help.

New to accepting card payments? We take the time to help you understand how it all works so you can make the best decisions for your business.

  • Speak to a real person, fast
  • Experts you can trust
  • No commission = no pressure
Show more

Have us contact you.

Contact name cannot be blank
Business name cannot be blank
Please provide a valid email address
Phone number cannot be blank

The form was sent successfully!