Paytient Payments Limited
Product Security
Password and Credential Storage
Paytient enforces a password complexity standard, and credentials are stored using a password-based key derivation function (bcrypt) rather than as plaintext or a plain hash.
Customer Best Practices
There are simple steps you can take to increase the security of your Paytient account. Check out the Staying Secure section on our website.
Network and Application Security
Data Hosting and Storage
Paytient Payments services and data are hosted in Digital Ocean facilities (AMS3, Amsterdam, The Netherlands) in Europe. The Digital Ocean AMS3 data centre holds the following certifications: SOC 1 Type II, SOC 2 Type II, ISO/IEC 27001:2013 and PCI-DSS. The certification reports are available to download at https://www.digitalocean.com/trust/certification-reports/
Uptime
We have an uptime of 99.99% under our Service Level Agreement (SLA) with our cloud infrastructure provider, Digital Ocean. See the Digital Ocean documentation at https://www.digitalocean.com/docs/platform/droplet-policies/#droplet-service-level-agreement-sla
Failover and Disaster Recovery
Paytient Payments was built with disaster recovery in mind. All of our infrastructure and data are spread across 2 Digital Ocean servers and will continue to work should either of those data centres fail.
Virtual Private Cloud
All of our servers sit within our own virtual private cloud (VPC), with network access control lists (ACLs) that prevent unauthorised requests from reaching our internal network.
Backups and Monitoring
At the application level, we produce audit logs for all activity and use AMS3 for archival purposes. All actions taken in the Paytient application are logged.
Permissions and Authentication
Access to customer data is limited to authorised employees who require it for their job. Paytient Payments is served 100% over HTTPS. Paytient Payments runs a zero-trust corporate network. We have SAML Single Sign-On (SSO) and strong password policies on Digital Ocean, Blacknight, Google and Paytient Payments to ensure that access to cloud services is protected.
Encryption
All data sent to or from Paytient Payments is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only. We also encrypt data at rest using the industry-standard AES-256 encryption algorithm.
Pentests & Vulnerability Scanning
Paytient Payments uses third-party security tools to continuously scan for vulnerabilities, and our team responds to the issues raised. Each year we engage third-party security experts to perform detailed penetration tests on the Paytient Payments application and infrastructure.
Incident Response
Paytient Payments implements a protocol for handling security events which includes escalation procedures, rapid mitigation and a post-mortem. All employees are informed of our policies.
Additional Security Features
Training
All team members complete Security and Awareness training annually.
Policies
Paytient Payments has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Confidentiality
All team members' contracts include a confidentiality agreement.
Security questions?
If you think you may have found a security vulnerability, please get in touch with our security team at hello@paytientpayments.co.uk