Checkout and
Platform Security

We hear your concerns. We understand them. Security is a priority to NoFraud,
and as such, it’s woven throughout the product and data lifecycle from day one.

Personnel and Facilities

All members of our team have completed background checks and have gone through security training. Access to offices and systems is done through a defined process as is the removal of it (when needed).


Development

For the platform, security discussions start with feature development. On top of functionality of the feature, we immediately take into consideration the privacy and security requirements as part of it. Once the implementation of the feature starts, our SLDC (Software Development Lifecycle Process) has security validation steps, from code reviews through automated code verification for potential security issues.


Applications

Our applications are split into several components. Each of them has a strong, well defined role in the overall system, controlling access to its features and data as needed, providing minimal possible visibility of the data and interaction between components.


Data

The data itself is transmitted, handled and stored securely. The most secure data (credit cards, passwords) is stored with irreversible, one way encryption, so it’s never possible for the data to be visible in its original form. Access to the data is controlled and audited. Data is regularly backed up.


Systems

All of our systems are hosted in AWS (Amazon Web Services), and we use several AWS security products to configure high levels of security and monitor access to the systems. On top of that, we use third party products such as anti virus and file and network intrusion detection to monitor potential attacks.


Monitoring

Once the applications are live, we monitor various metrics to verify systems and applications are operating correctly. Based on those metrics, we have specific alarms that will alert the engineering team of potential issues, whether they are operational or security related, and on-call rotations to respond to those alarms.


Certifications

Don’t take our word for it! Every year, we engage third party vendors to certify our platform for Level 1 PCI and SOC Type II compliance, as well as to perform security penetration testing (Pentest). Any improvements and recommendations are prioritized for design and implementation to make sure our systems are up to the highest security standards in the industry.

Ready to learn more?

Book a demo and see our accurate real-time fraud screening for eCommerce in action.

Ready to learn more?

Book a demo and see our accurate real-time fraud screening for eCommerce in action.