Paytient Payments Limited

Product Security

Password and Credential Storage

Paytient enforces a password complexity standard and credentials are stored using a PBKDF function (bcrypt).

Customer Best Practices

There are simple steps you can take to increase the security of your Paytient account. Check out the Staying Secure section on our website.

Network and Application Security

Data Hosting and Storage

Paytient Payments services and data are hosted in Digital Ocean facilities (AMS3 Amsterdam, The Netherlands) in Europe. The Digital Ocean server AMS3 holds the following certifications – SOC 1 Type II, SOC 2 Type II, ISO/IEC 27001:2013, PCI-DSS. These certification reports are available to download here https://www.digitalocean.com/trust/certification-reports/

Uptime

We have an uptime of 99.99% under our SLA Service Level Agreement with our cloud infrastructure provider Digital Ocean. See the Digital Ocean documentation here https://www.digitalocean.com/docs/platform/droplet-policies/#droplet-service-level-agreement-sla

Failover and Disaster Recovery

Paytient Payments was built with disaster recovery in mind. All of our infrastructure and data are spread across 2 Digital Ocean servers and will continue to work should one or other of those data centres fail.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorised requests getting to our internal network.

Back Ups and Monitoring

On an application level, we produce audit logs for all activity and use AMS3 for archival purposes. All actions taken in the Paytient application are logged.

Permissions and Authentication

Access to customer data is limited to authorised employees who require it for their job. Paytient Payments is served 100% over https. Paytient Payments runs a zero-trust corporate network. We have SAML Single Sign-on (SSO), and strong password policies on Digital Ocean, Blacknight, Google, and Paytient Payments to ensure access to cloud services is protected.

Encryption

All data sent to or from Paytient Payments is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Pentests & Vulnerability Scanning

Paytient Payments uses third party security tools to continuously scan for vulnerabilities. Our team responds to issues raised. Each year we engage third-party security experts to perform detailed penetration tests on the Paytient Payments application and infrastructure.

Incident Response

Paytient Payments implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.

Additional Security features

Training

All team members complete Security and Awareness training annually.

Policies

Paytient Payments has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Confidentiality

All team members contracts include a confidentiality agreement.

Security questions?

If you think you may have found a security vulnerability, please get in touch with our security team at hello@paytientpayments.co.uk

Create Recurring Revenue
Get Paid Monthly or Weekly
No More Paperwork
Fully Automated Mandate
Multi Device Signup
Phone Tablet or PC Sign Up