At Payt, every month is Cyber Security Month

Illustration of a man standing next to a computer with finance analytics

This October, the European Union is organising Cyber Security Month for the tenth time. As part of it, all kinds of activities and campaigns are taking place, but it is also an ideal opportunity to draw attention to the measures Payt takes to protect your data. Payt constantly works with privacy-sensitive information. After all, to properly run the debtor process, we need (personal) data from both the debtor and creditor. Moreover, through an iDEAL link, we ensure that payments can be made easily, which means we have digital access to customers’ and users’ bank details. If you work with such privacy-sensitive information within an online platform, you want to make sure your platform’s security is up to scratch. We review a number of angles.

Secure software

If you want to keep up with the needs in the market, you will have to constantly adapt the software. We only take new functionality into use once at least two colleagues have given their approval and a number of automated tests have been completed. Security plays a role in every step. But the customer organisation also influences security. Payt offers the option - and recommends - making two-factor authentication (2FA) mandatory, so that in addition to username and password, an additional code or attribute is required to access data.

Secure Infrastructure

The Payt application is offered from servers in a data centre of AWS, one of the largest providers in this field. Naturally, all data is located in Europe. Encryption takes place on the data traffic. There is protection against malware, such as viruses and ransomware, and the data is backed up. And all kinds of components are duplicated so that availability is optimal - and as agreed. All measures you would expect in this industry. Yet to leave nothing to chance, every year we ask a specialised company to subject the Payt application and infrastructure to a so-called penetration test. They look for vulnerabilities and try to exploit them. Payt is further sympathetic to the concept of ethical hacking and appreciates it when - responsibly - vulnerabilities in our software are reported. If anyone finds a vulnerability in one of our systems, we would like to hear about it. This enables us to take measures as quickly as possible. If it turns out to be a justified report, we offer a reward (bug bounty) in return. This cooperation helps us to protect our customers and our systems even better.

External supervision

But even if we ourselves think we have it right, it is also important to have it assessed objectively. That is why Payt has the above measures, and the management system that ensures that the measures remain effective and appropriate, audited every year by a certification body that does so under the supervision of the Dutch Accreditation Council. Then our performance is measured against two recognised standards, namely ISO27001 (the global standard for information security), and NEN7510 (for healthcare information security in the Netherlands). Payt has held such certificates since 2016.

Continuous improvement

In the security world, you are never done. After all, what is secure today doesn’t have to be tomorrow. Therefore, internally at Payt, we are always keen on improvements and therefore analyse incoming signals from partners, suppliers and peers, as well as results of risk assessments, audits and controls. This can then lead to adjustments in policy, or other technical measures, or renewed attention to phishing mails, for example.

And so at Payt, every month is Cyber Security Month.

Written by Ad van 't Hoenderdal LinkedIn profile
Ad van 't Hoenderdal is Security Manager & Internal Auditor at Payt. He ensures that Payt's systems and information are secured and the right certifications are implemented. He also does the audits for Payt.

Share this article

Related articles

Payt 10 years logo
It seems like everyone is working on separate projects, but everyone functions like a vital component of a unified system - Jake Eggen, Developer
It took me a while to get used to it at first, as is always the case when you start working at a new company. I noticed that everyone was working very independently, each in their own little corner. After a few days at Payt, I thought very differently about this.
Payt 10 years logo
If you're looking for a workplace with an excellent work environment, learning opportunities, and fantastic colleagues, then Payt Software is definitely worth considering - Ivan Malykh, Developer
The past five years, I've had the pleasure of working at Payt Software, a company that has provided me with valuable experiences and opportunities.
Payt 10 years logo
The art is to do very special things within sectoral issues using Payt's standard cloud software, purely based on configuration - Jeroen Krosse, Managing Board
I double-checked just to be sure. It turns out that I've been working at Payt since early 2020. That's not even that long ago. At the same time, I can barely imagine what the working life was like before that; Payt has become ingrained in my DNA!