Your security is our highest priority at Payhero
At Payhero, we take the security of your data and your customers' information VERY seriously.
Payhero is hosted in a dedicated hosting environment with 24x7 security. Physical access to the network is strictly limited and monitored. Private networks are strictly segmented according to function. Restrictive firewalls protect communication entering the network and between private networks. All access to Payhero's network and services is strictly logged.
Audit logs are reviewed on a regular basis. Internal and external network penetration tests are performed on a regular basis by third parties. Two-factor authentication and strong password controls are required for administrative access.
Physical & Network Security
Payhero uses Amazon's AWS platform and infrastructure. Payhero employees do not have any physical access to our production environments.
Further information on AWS security and infrastructure.
"The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, with military grade perimeter control berms. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in. They are also continually escorted by authorized staff."
In addition to physical security, the AWS platform also provides Payhero with significant protection against traditional network security issues on the infrastructure, such as:
- Distributed Denial of Service (DDoS) Attacks
- Man in the Middle (MITM) Attacks
- IP Spoofing
- Port Scanning
- Packet sniffing by other tenants
Payhero’s product and website are subject to periodic manual and automated security audits. Audits are conducted internally as well as by third parties.
Sensitive Information Storage
Credit card information is encrypted and stored in a system completely isolated from Payhero. At no time is unencrypted card data stored on disk, either inside Payhero’s system or in the card storage system. Internally, card information is referenced only through the use of a token. The token is not derived from card information in any way.
All requests to our website and API are forced to use HTTPS to ensure encrypted communications.
We work continuously to make our systems secure. If you discover any security issues, please submit them to firstname.lastname@example.org. Security is our highest priority. We will make sure the issue is fixed and updated as early as possible.