This October, the European Union is organising Cyber Security Month for the tenth time. Alongside the many activities and campaigns taking place, it is also an ideal moment to highlight the measures Payt takes to protect your data. Payt continually works with privacy-sensitive information. To manage the debtor process properly, we require (personal) data from both the debtor and the creditor. In addition, our iDEAL connection enables payments to be made easily, which means we have digital access to the bank details of customers and users. When handling such privacy-sensitive information within an online platform, you want to be confident that security is robust and well managed. Below, we look at this from several angles.
Secure software
To keep meeting market needs, software must constantly evolve. We only implement new functionality once at least two colleagues have approved it and several automated tests have been completed. Security is considered at every stage. However, the client organisation also plays a role in security. Payt offers – and recommends – making two-factor authentication (2FA) mandatory, so that access to data requires not only a username and password, but also an additional code or method of verification.
Secure infrastructure
The Payt application is hosted on servers in an AWS data centre, one of the largest providers in this field. Naturally, all data is stored in Europe. Data traffic is encrypted. We protect against malware, such as viruses and ransomware, and all data is backed up. Key components are duplicated to ensure optimal availability in line with our agreements – all the measures you would expect in this industry.
To leave nothing to chance, we engage a specialist company each year to carry out a penetration test of the Payt application and infrastructure. They search for vulnerabilities and attempt to exploit them. Payt also supports the concept of ethical hacking and appreciates vulnerabilities being reported responsibly. If someone identifies a weakness in one of our systems, we would like to hear about it so we can take action as quickly as possible. If the report proves valid, a reward (bug bounty) is offered. This collaboration helps us to protect our customers and our systems even better.
External oversight
Even when you believe everything is in order, it is essential to have this assessed independently. That is why Payt’s measures – and the management system that ensures they remain effective and appropriate – are audited annually by a certification body under the supervision of the Accreditation Council. Our performance is assessed against two recognised standards: ISO 27001 (the global standard for information security) and NEN 7510 (the standard for information security in healthcare in the Netherlands). Payt has held these certifications since 2016.
Continuous improvement
In the world of security, you are never truly finished. What is safe today may not be safe tomorrow. That is why, at Payt, we remain continuously alert to improvements. We analyse signals from partners, suppliers and peers, as well as the outcomes of risk assessments, audits and inspections. This may lead to policy updates, additional technical measures, or renewed focus on issues such as phishing emails.
And so, at Payt, every month is Cyber Security Month.
