Safety

EasyTransac Security

Any questions about safety on Easytransac ? Adapted infrastructures, secured back-office, external audits, ... discover our secured solutions for your business

4 Answers
Infrastructure
Hosting

EasyTransac servers are hosted by OVH.
Our servers are integrated with a PCI-DSS certified environment.
Intrusion tests are made quarterly by a vulnerability scanner (Nessus).

Infrastructure

Our infrastructure is made to be isolated (DMZ). The access to our systems go through an extended ACL network (Access Control List).

Analysis & Monitoring

Every access to our services is controlled, referenced and can be read. A complete monitoring of actions performed by the users is also available.

Did we answer your question?
Thank you! If you have any other concerns, please do not hesitate to contact us.
How would you like to contact us?
Call us at:
Secured back-office
Secured framework

Our back-office uses a framework with extra safety measures developped internally.

Numerical and physical filter

EasyTransac filters the IP addresses of the websites accessing our API. All administrator accesses and moderator accesses are enabled only from EasyTransac offices.

TLS protocol

Connection to EasyTransac is made through HTTPS TLS 1.2. protocol, Transport Layer Security is a protocol made to provide security to internet exchanges.

Protection against breaches

The team ensuring EasyTransac’s safety is extremely watchful working against web breaches (XSS, CSRF, SQL injections...). EasyTransac’s login is done through a virtual keyboard to prevent spying on the client’s device.

Login control

EasyTransac keeps a complete record of all connection logs.
We send an alert e-mail in case of a new login from a non registered device.

Did we answer your question?
Thank you! If you have any other concerns, please do not hesitate to contact us.
How would you like to contact us?
Call us at:
Mobile applications
No stored data

EasyTransac has been designed so that no sensitive data is ever stored on your smartphone.
Your device only acts as a support for data transmission, and not as a support for storage. This makes our application even safer.

Safety and authentication

Every access to EasyTransac is inspected with an authentication token with a predetermined validity timestamp. The access to our services is regularly inspected with complete login requests. Know that every authentication token can be revoked at any time by our teams.

Signatures

For enhanced security, we produce an unique authenticity signature for each communication with our services. This signature is tested by our servers as well as the application to guarantee the authenticity and integrity of the communicated data.

« Intelligent » 3D Secure

We developed an algorithm allowing the forced use of 3DSecure under certain conditions, depending on the user, the amount, the card’s origin and other factors... This use allows us to considerably reduce the fraud risk for the merchants and for their customers.

Official distribution

The EasyTransac applications for iOS and Android are distributed only on their respective official stores (App store and Play store), preventing users to get altered or pirated versions of EasyTransac.

Did we answer your question?
Thank you! If you have any other concerns, please do not hesitate to contact us.
How would you like to contact us?
Call us at:
External audits
Intrusion test

Our PCI-DSS servers are tested every three months by the independant organism Security Metrics :

  • Scan made by an approved provider
  • CVSS* Level 1 maximum
  • External link allowing to control our certification
  • Conformity certificate
  • Self-assessment conduction

*Common Vulnerability Scoring System (CVSS) is a rating system standardized for the criticality of vulnerabilities with objective and measurable criteria. This scoring is constituted of 3 measurements called metrics : Basic metrics, time metrics and environmental metrics.

Software audits
  • Software vulnerability tests made in january 2017 by Synopsys (ex-Cigital inc.) :
  • Test realized in Black-box (Real test)
  • Submission of a vulnerability report
  • Breaches correction by EasyTransac’s teams
  • Control of the corrections validated by Synopsys
Did we answer your question?
Thank you! If you have any other concerns, please do not hesitate to contact us.
How would you like to contact us?
Call us at:

Related help categories

If you haven't found your answer here, you can consult these related topics.