Safety
EasyTransac and security
Any questions about safety on Easytransac ? Adapted infrastructures, secured back-office, external audits, ... discover our secured solutions for your business
Infrastructure
EasyTransac servers are hosted by Google Cloud Platform.
Our servers are integrated with a PCI-DSS certified environment.
Intrusion tests are made quarterly by a vulnerability scanner (Nessus).
Our infrastructure is made to be isolated (DMZ). The access to our systems go through an extended ACL network (Access Control List).
Every access to our services is controlled, referenced and can be read. A complete monitoring of actions performed by the users is also available.
Secured back-office
Our back-office uses a framework with extra safety measures developped internally.
EasyTransac filters the IP addresses of the websites accessing our API. All administrator accesses and moderator accesses are enabled only from EasyTransac offices.
Connection to EasyTransac is made through HTTPS TLS 1.2. protocol, Transport Layer Security is a protocol made to provide security to internet exchanges.
The team ensuring EasyTransac’s safety is extremely watchful working against web breaches (XSS, CSRF, SQL injections...). EasyTransac’s login is done through a virtual keyboard to prevent spying on the client’s device.
EasyTransac keeps a complete record of all connection logs.
We send an alert e-mail in case of a new login from a non registered device.
Mobile applications
EasyTransac has been designed so that no sensitive data is ever stored on your smartphone.
Your device only acts as a support for data transmission, and not as a support for storage. This makes our application even safer.
Every access to EasyTransac is inspected with an authentication token with a predetermined validity timestamp. The access to our services is regularly inspected with complete login requests. Know that every authentication token can be revoked at any time by our teams.
For enhanced security, we produce an unique authenticity signature for each communication with our services. This signature is tested by our servers as well as the application to guarantee the authenticity and integrity of the communicated data.
We developed an algorithm allowing the forced use of 3DSecure under certain conditions, depending on the user, the amount, the card’s origin and other factors... This use allows us to considerably reduce the fraud risk for the merchants and for their customers.
Official distributionThe EasyTransac applications for iOS and Android are distributed only on their respective official stores (App store and Play store), preventing users to get altered or pirated versions of EasyTransac.
External audits
Our PCI-DSS servers are tested every three months by the independant organism Security Metrics :
- Scan made by an approved provider
- CVSS* Level 1 maximum
- External link allowing to control our certification
- Conformity certificate
- Self-assessment conduction
*Common Vulnerability Scoring System (CVSS) is a rating system standardized for the criticality of vulnerabilities with objective and measurable criteria. This scoring is constituted of 3 measurements called metrics : Basic metrics, time metrics and environmental metrics.
- Software vulnerability tests made in january 2017 by Synopsys (ex-Cigital inc.) :
- Test realized in Black-box (Real test)
- Submission of a vulnerability report
- Breaches correction by EasyTransac’s teams
- Control of the corrections validated by Synopsys
Related help categories
If you haven't found your answer here, you can consult these related topics.