This October, the European Union is organizing the Cyber Security Month for the tenth time. In this context, various activities and campaigns are taking place, but it is also an ideal opportunity to highlight the measures Payt takes to protect your data. Payt constantly works with privacy-sensitive information. To properly complete the debtor process, we need (personal) data from both the debtor and the creditor. Moreover, through an iDEAL connection, we ensure that payments can be made easily, which means we have digital access to the bank details of customers and users. When working with such privacy-sensitive information within an online platform, you want to be sure that the security of your platform is well organized. We will review several perspectives.
Secure Software
If you want to continue meeting market needs, you must constantly adapt the software. We only implement new functionality after at least two colleagues have approved it and several automated tests have been conducted. Security plays a role in every step. But the client organization also influences security. Payt offers the option—and advises—to make two-factor authentication (2FA) mandatory, so that in addition to a username and password, an extra code or feature is required to access the data.
Secured Infrastructure
The Payt application is hosted on servers in a data center of AWS, one of the largest providers in this field. Naturally, all data is located in Europe. Data traffic is encrypted. There is protection against malware, such as viruses and ransomware, and the data is backed up. Various components are duplicated to ensure optimal availability as agreed. These are all measures you would expect in this industry. To leave nothing to chance, we ask a specialized company every year to subject the Payt application and infrastructure to a so-called penetration test. They look for vulnerabilities and try to exploit them. Payt is also positive about the concept of ethical hacking and appreciates it when vulnerabilities in our software are reported in a responsible manner. If someone finds a weak spot in one of our systems, we would like to hear about it. This allows us to take measures as quickly as possible. If it turns out to be a legitimate report, a reward (bug bounty) is offered. This collaboration helps to better protect our customers and our systems.
External Supervision
Even though we believe we have things well organized, it is also important to have this assessed objectively. Therefore, Payt has the aforementioned measures, as well as the management system that ensures the measures remain effective and appropriate, audited annually by a certifying body under the supervision of the Accreditation Council. Our performance is then measured against two recognized standards, namely ISO 27001 (the global standard for information security) and NEN 7510 (for information security in healthcare in the Netherlands). Payt has held such certificates since 2016.
Continuous Improvement
In the security world, you are never finished. What is safe today may not be tomorrow. Therefore, we at Payt are always alert to improvements and analyze incoming signals from partners, suppliers, and peers, as well as results from risk assessments, audits, and inspections. This can lead to policy adjustments, other technical measures, or renewed attention to phishing emails, for example.
And so, at Payt, every month is Cyber Security Month.