A lock intertwined with the Paypa Plane logo

Security

Security. Paramount at Paypa Plane.

We enable commercial, business, and institutional banks to power competitive payment strategies, to create enduring relationships with their clients.

In addition to our unwavering commitment to powering competitive payment strategies, Paypa Plane implements state-of-the-art encryption protocols and employs experienced cybersecurity experts who continuously monitor and update our systems to safeguard sensitive financial information and data.

By prioritizing the protection of our clients' data, we instil confidence and trust, enabling our partners to confidently navigate the digital landscape and build long-lasting relationships with their customers.

Compliance
& Certification

ISO 27001 Certified

ISO 27001 Accreditation badge

At Paypa Plane, we prioritise the highest level of information security.

We are proud to be ISO 27001 certified, an internationally recognised standard for information security. Our adherence to this certification demonstrates our ongoing commitment to implement, maintain, and improve an information security management system within our organization.

ISO logo
ISO/IEC 27001
open_in_new

SOC 2 Type 2 Certified

SOC 2 Type 2 badge

Paypa Plane has successfully attained SOC2 Type 2 Certification by meeting the Trust Services Criteria for Security. This certification validates that our system is designed and maintained with robust security measures in place and ensures that our platform operates securely and reliably over an extended period.

AICPA logo
SOC 2® - SOC for Service Organizations
open_in_new

To obtain the most recent SOC2 Type 2 audit report for Paypa Plane, please contact us directly.

Get in touch

Payments
Data Security

Infrastructure Security

Paypa Plane operates in a cloud-based environment in both AWS and Azure, implementing strict mechanisms to ensure resiliency and business continuity. These platforms provide the highest security standards, which are leveraged by a broad range of industries including banking, government, and security agencies.

For further information, please reference the security and compliance pages of;

Encryption

All Paypa Plane web application and API communications are encrypted in transit over Transport Layer Security (TLS) v1.2 or later, and all data at rest is encrypted using AES-256 encryption. We rely on Azure Key Vault to securely maintain our cryptographic encryption keys.

Corporate
Security

Employee
Security

We prioritize the security of our operations by ensuring that all Paypa Plane team members undergo comprehensive background checks before commencing employment, emphasizing the importance of trust and integrity in our workforce.

We also enforce strict security protocols by requiring our staff to acknowledge our robust security policy and sign a confidentiality agreement, reinforcing our commitment to maintaining the confidentiality of our clients' sensitive information.

Additionally, we provide continuous and up-to-date security training throughout the year, empowering our employees to stay vigilant against emerging threats and evolving security challenges.

Identity and
Access
Management

To further enhance security measures, we ensure that our employees utilize unique logins for all systems and enforce two-factor authentication for any systems handling restricted information, adding an extra layer of protection against unauthorized access.

We conduct regular user access reviews to closely monitor and manage user permissions, adhering to the principle of least privilege to limit access to sensitive data only to those who require it for their specific roles and responsibilities.

These stringent measures enable us to maintain a robust security posture and safeguard our clients' valuable data effectively.

Hardware and
Physical
Security

We take comprehensive measures to ensure the physical and digital security of our operations. As part of our efforts, all employee laptops are managed using Mobile Device Management (MDM) software, which enforces stringent controls such as hard drive encryption and anti-virus software, providing an added layer of protection against potential data breaches.

Our headquarters are equipped with key fob access doors, effectively restricting unauthorized entry. To further bolster security, we maintain a closed-circuit television (CCTV) camera system that continuously monitors and records all entrances and exits, while an alarm system serves as an additional safeguard for our premises.

These physical security measures complement our robust digital security protocols, reinforcing the overall integrity and trustworthiness of our operations.

Paypa Plane
Business Portal

White Labels

Customizable Solution

We understand the importance of providing secure and customizable solutions for our White Label clients. Our platform ensures secure authentication through an identity and user management system, offering peace of mind when it comes to accessing sensitive information. We prioritize security by offering multiple Multi-Factor Authentication (MFA) options, adding an extra layer of protection against unauthorized access.

Our platform seamlessly integrates with existing user identity and access control platforms such as Azure, Google, Ping, Okta or other OAuth providers, facilitating a streamlined and secure user experience.

With role-based access control, we enable clients to limit data exposure while allowing individuals to perform their designated tasks efficiently. Our platform also offers defined user groups for your merchant clients, allowing for customization to meet specific requirements and preferences. By customizing read/write permissions for user tiers, we empower clients to tailor access levels according to their unique needs.

At Paypa Plane, we are dedicated to providing secure and flexible solutions that adapt to the diverse requirements of our White Label clients.

End User Access

Payer Portal

We prioritize the highest level of security and user convenience for our Payer/End Users. To ensure maximum protection, Multi-Factor Authentication (MFA) is enabled by default. This approach allows us to strike a balance between robust security measures and minimizing any inconvenience to our users. During the login process, users have the option to choose between Mobile or Email as their preferred login method. The chosen option is then verified through a 6-digit one-time password (OTP) sent to the respective channel, establishing a secure user session.

To maintain ongoing security, this secure session can be re-accessed using a 4-digit PIN number associated with the user's account. In the event that a user logs out or attempts to log in from a new device, a new 6-digit verification code is sent to establish a new and secure session.

If you have further questions regarding our security and compliance, please contact us directly.
Contact Us