Safety

Q: Infrastructure

Hosting EasyTransac servers are hosted by OVH. Our servers are integrated with a PCI-DSS certified environment. Intrusion tests are made quarterly by a vulnerability scanner (Nessus). Infrastructure Our infrastructure is made to be isolated (DMZ). The access to our systems go through an extended ACL network (Access Control List). Analysis & Monitoring Every access to our services is controlled, referenced and can be read. A complete monitoring of actions performed by the users is also available.

Q: Secured back-office

Secured framework Our back-office uses a framework with extra safety measures developped internally. Numerical and physical filter EasyTransac filters the IP addresses of the websites accessing our API. All administrator accesses and moderator accesses are enabled only from EasyTransac offices. TLS protocol Connection to EasyTransac is made through HTTPS TLS 1.2. protocol, Transport Layer Security is a protocol made to provide security to internet exchanges. Protection against breaches The team ensuring EasyTransac’s safety is extremely watchful working against web breaches (XSS, CSRF, SQL injections...). EasyTransac’s login is done through a virtual keyboard to prevent spying on the client’s device. Login control EasyTransac keeps a complete record of all connection logs. We send an alert e-mail in case of a new login from a non registered device.

Q: Mobile applications

No stored data EasyTransac has been designed so that no sensitive data is ever stored on your smartphone. Your device only acts as a support for data transmission, and not as a support for storage. This makes our application even safer. Safety and authentication Every access to EasyTransac is inspected with an authentication token with a predetermined validity timestamp. The access to our services is regularly inspected with complete login requests. Know that every authentication token can be revoked at any time by our teams. Signatures For enhanced security, we produce an unique authenticity signature for each communication with our services. This signature is tested by our servers as well as the application to guarantee the authenticity and integrity of the communicated data. « Intelligent » 3D Secure We developed an algorithm allowing the forced use of 3DSecure under certain conditions, depending on the user, the amount, the card’s origin and other factors... This use allows us to considerably reduce the fraud risk for the merchants and for their customers. Official distribution The EasyTransac applications for iOS and Android are distributed only on their respective official stores (App store and Play store), preventing users to get altered or pirated versions of EasyTransac.

Q: External audits

Intrusion test Our PCI-DSS servers are tested every three months by the independant organism Security Metrics : Scan made by an approved provider CVSS* Level 1 maximum External link allowing to control our certification Conformity certificate Self-assessment conduction *Common Vulnerability Scoring System (CVSS) is a rating system standardized for the criticality of vulnerabilities with objective and measurable criteria. This scoring is constituted of 3 measurements called metrics : Basic metrics, time metrics and environmental metrics. Software audits Software vulnerability tests made in january 2017 by Synopsys (ex-Cigital inc.) : Test realized in Black-box (Real test) Submission of a vulnerability report Breaches correction by EasyTransac’s teams Control of the corrections validated by Synopsys

EasyTransac and security

Any questions about safety on Easytransac ? Adapted infrastructures, secured back-office, external audits, ... discover our secured solutions for your business

4 Answers

Infrastructure

Hosting

EasyTransac servers are hosted by OVH.
Our servers are integrated with a PCI-DSS certified environment.
Intrusion tests are made quarterly by a vulnerability scanner (Nessus).

Infrastructure

Our infrastructure is made to be isolated (DMZ). The access to our systems go through an extended ACL network (Access Control List).

Analysis & Monitoring

Every access to our services is controlled, referenced and can be read. A complete monitoring of actions performed by the users is also available.

Did we answer your question?

Thank you! If you have any other concerns, please do not hesitate to contact us.

How would you like to contact us?

By e-mail

By phone

Call us at:

Secured back-office

Secured framework

Our back-office uses a framework with extra safety measures developped internally.

Numerical and physical filter

EasyTransac filters the IP addresses of the websites accessing our API. All administrator accesses and moderator accesses are enabled only from EasyTransac offices.

TLS protocol

Connection to EasyTransac is made through HTTPS TLS 1.2. protocol, Transport Layer Security is a protocol made to provide security to internet exchanges.

Protection against breaches

The team ensuring EasyTransac’s safety is extremely watchful working against web breaches (XSS, CSRF, SQL injections...). EasyTransac’s login is done through a virtual keyboard to prevent spying on the client’s device.

Login control

EasyTransac keeps a complete record of all connection logs.
We send an alert e-mail in case of a new login from a non registered device.

Did we answer your question?

Thank you! If you have any other concerns, please do not hesitate to contact us.

How would you like to contact us?

By e-mail

By phone

Call us at:

Mobile applications

No stored data

EasyTransac has been designed so that no sensitive data is ever stored on your smartphone.
Your device only acts as a support for data transmission, and not as a support for storage. This makes our application even safer.

Safety and authentication

Every access to EasyTransac is inspected with an authentication token with a predetermined validity timestamp. The access to our services is regularly inspected with complete login requests. Know that every authentication token can be revoked at any time by our teams.

Signatures

For enhanced security, we produce an unique authenticity signature for each communication with our services. This signature is tested by our servers as well as the application to guarantee the authenticity and integrity of the communicated data.

« Intelligent » 3D Secure

We developed an algorithm allowing the forced use of 3DSecure under certain conditions, depending on the user, the amount, the card’s origin and other factors... This use allows us to considerably reduce the fraud risk for the merchants and for their customers.

Official distribution

The EasyTransac applications for iOS and Android are distributed only on their respective official stores (App store and Play store), preventing users to get altered or pirated versions of EasyTransac.

Did we answer your question?

Thank you! If you have any other concerns, please do not hesitate to contact us.

How would you like to contact us?

By e-mail

By phone

Call us at:

External audits

Intrusion test

Our PCI-DSS servers are tested every three months by the independant organism Security Metrics :

Scan made by an approved provider
CVSS* Level 1 maximum
External link allowing to control our certification
Conformity certificate
Self-assessment conduction

*Common Vulnerability Scoring System (CVSS) is a rating system standardized for the criticality of vulnerabilities with objective and measurable criteria. This scoring is constituted of 3 measurements called metrics : Basic metrics, time metrics and environmental metrics.

Software audits

Software vulnerability tests made in january 2017 by Synopsys (ex-Cigital inc.) :
Test realized in Black-box (Real test)
Submission of a vulnerability report
Breaches correction by EasyTransac’s teams
Control of the corrections validated by Synopsys

Did we answer your question?

Thank you! If you have any other concerns, please do not hesitate to contact us.

How would you like to contact us?

By e-mail

By phone

Call us at:

Related help categories

If you haven't found your answer here, you can consult these related topics.

Pricing

Find out more about Easytransac interesting pricing with our online support

1 Answer

Banktransfers

Any questions about banktransfers ? Find your answer here with our online Easytransac support