At Payt, every month is Cyber Security Month

Illustration of a man standing next to a computer with finance analytics

Share this article

Written by Ad van 't Hoenderdal
Ad van 't Hoenderdal is Security Manager & Internal Auditor at Payt. He ensures that Payt's systems and information are secured and the right certifications are implemented. He also does the audits for Payt.

This October, the European Union is organising Cyber Security Month for the tenth time. As part of it, all kinds of activities and campaigns are taking place, but it is also an ideal opportunity to draw attention to the measures Payt takes to protect your data. Payt constantly works with privacy-sensitive information. After all, to properly run the debtor process, we need (personal) data from both the debtor and creditor. Moreover, through an iDEAL link, we ensure that payments can be made easily, which means we have digital access to customers’ and users’ bank details. If you work with such privacy-sensitive information within an online platform, you want to make sure your platform’s security is up to scratch. We review a number of angles.

Secure software

If you want to keep up with the needs in the market, you will have to constantly adapt the software. We only take new functionality into use once at least two colleagues have given their approval and a number of automated tests have been completed. Security plays a role in every step. But the customer organisation also influences security. Payt offers the option - and recommends - making two-factor authentication (2FA) mandatory, so that in addition to username and password, an additional code or attribute is required to access data.

Secure Infrastructure

The Payt application is offered from servers in a data centre of AWS, one of the largest providers in this field. Naturally, all data is located in Europe. Encryption takes place on the data traffic. There is protection against malware, such as viruses and ransomware, and the data is backed up. And all kinds of components are duplicated so that availability is optimal - and as agreed. All measures you would expect in this industry. Yet to leave nothing to chance, every year we ask a specialised company to subject the Payt application and infrastructure to a so-called penetration test. They look for vulnerabilities and try to exploit them. Payt is further sympathetic to the concept of ethical hacking and appreciates it when - responsibly - vulnerabilities in our software are reported. If anyone finds a vulnerability in one of our systems, we would like to hear about it. This enables us to take measures as quickly as possible. If it turns out to be a justified report, we offer a reward (bug bounty) in return. This cooperation helps us to protect our customers and our systems even better.

External supervision

But even if we ourselves think we have it right, it is also important to have it assessed objectively. That is why Payt has the above measures, and the management system that ensures that the measures remain effective and appropriate, audited every year by a certification body that does so under the supervision of the Dutch Accreditation Council. Then our performance is measured against two recognised standards, namely ISO27001 (the global standard for information security), and NEN7510 (for healthcare information security in the Netherlands). Payt has held such certificates since 2016.

Continuous improvement

In the security world, you are never done. After all, what is secure today doesn’t have to be tomorrow. Therefore, internally at Payt, we are always keen on improvements and therefore analyse incoming signals from partners, suppliers and peers, as well as results of risk assessments, audits and controls. This can then lead to adjustments in policy, or other technical measures, or renewed attention to phishing mails, for example.

And so at Payt, every month is Cyber Security Month.


Related articles

Illustration of: Today at Payt
Company culture: Job Satisfaction
In this series of blogs, I want to give you a glimpse into a day at Payt. How do we approach things and how do we solve problems? This is part of the company culture. In this blog you can read about what we consider important components for job satisfaction. Curious? Read it in this blog.
Payt wins ‘New Collections Software Team of the Year’
Payt wins ‘New Collections Software Team of the Year’
The entire Payt Team were honoured to have been nominated and now are absolutely delighted to have won 'The New Collections Software Team of the Year' at the Credit Team Awards which took place in Dublin on the 12th November.
Illustration of a man standing next to a computer with finance analytics
Invoice finance software, a new way of financing your growth
This article will give you a clear understanding of how invoicing factors and invoice financing work, so that you can evaluate and select the most suitable and identified financing plan for the company that best works with your business.