We hear your concerns. We understand them. Security is a priority to NoFraud,
Personnel and Facilities
All members of our team have completed background checks and have gone through security training. Access to offices and systems is granted through a defined process, as is its removal (when needed).
Development
For the platform, security discussions start with feature development. In addition to the feature's functionality, we immediately take its privacy and security requirements into consideration. Once implementation of the feature starts, our SDLC (Software Development Lifecycle Process) has security validation steps, from code reviews through automated code verification for potential security issues.
Applications
Our applications are split into several components. Each of them has a strong, well-defined role in the overall system, controlling access to its features and data as needed and providing the minimum possible visibility of the data and interaction between components.
Data
The data itself is transmitted, handled and stored securely. The most secure data (credit cards, passwords) is stored with irreversible, one-way encryption, so it’s never possible for the data to be visible in its original form. Access to the data is controlled and audited. Data is regularly backed up.
NoFraud will acknowledge any confirmed data security vulnerabilities within 24 hours.
Systems
All of our systems are hosted in AWS (Amazon Web Services), and we use several AWS security products to configure high levels of security and monitor access to the systems. On top of that, we use third-party products such as antivirus and file and network intrusion detection to monitor potential attacks.
Monitoring
Once the applications are live, we monitor various metrics to verify systems and applications are operating correctly. Based on those metrics, we have specific alarms that will alert the engineering team of potential issues, whether they are operational or security related, and on-call rotations to respond to those alarms.
Certifications
Don’t take our word for it! Every year, we engage third-party vendors to certify our platform for Level 1 PCI and SOC Type II compliance, as well as to perform security penetration testing (Pentest). Any improvements and recommendations are prioritized for design and implementation to make sure our systems are up to the highest security standards in the industry.