At Payt, every month is Cyber Security Month
This October, the European Union is organising Cyber Security Month for the tenth time. As part of it, all kinds of activities and campaigns are taking place, but it is also an ideal opportunity to draw attention to the measures Payt takes to protect your data. Payt constantly works with privacy-sensitive information. After all, to properly run the debtor process, we need (personal) data from both the debtor and creditor. Moreover, through an iDEAL link, we ensure that payments can be made easily, which means we have digital access to customers’ and users’ bank details. If you work with such privacy-sensitive information within an online platform, you want to make sure your platform’s security is up to scratch. We review a number of angles.
If you want to keep up with the needs in the market, you will have to constantly adapt the software. We only take new functionality into use once at least two colleagues have given their approval and a number of automated tests have been completed. Security plays a role in every step. But the customer organisation also influences security. Payt offers the option - and recommends - making two-factor authentication (2FA) mandatory, so that in addition to username and password, an additional code or attribute is required to access data.
The Payt application is offered from servers in a data centre of AWS, one of the largest providers in this field. Naturally, all data is located in Europe. Encryption takes place on the data traffic. There is protection against malware, such as viruses and ransomware, and the data is backed up. And all kinds of components are duplicated so that availability is optimal - and as agreed. All measures you would expect in this industry. Yet to leave nothing to chance, every year we ask a specialised company to subject the Payt application and infrastructure to a so-called penetration test. They look for vulnerabilities and try to exploit them. Payt is further sympathetic to the concept of ethical hacking and appreciates it when - responsibly - vulnerabilities in our software are reported. If anyone finds a vulnerability in one of our systems, we would like to hear about it. This enables us to take measures as quickly as possible. If it turns out to be a justified report, we offer a reward (bug bounty) in return. This cooperation helps us to protect our customers and our systems even better.
But even if we ourselves think we have it right, it is also important to have it assessed objectively. That is why Payt has the above measures, and the management system that ensures that the measures remain effective and appropriate, audited every year by a certification body that does so under the supervision of the Dutch Accreditation Council. Then our performance is measured against two recognised standards, namely ISO27001 (the global standard for information security), and NEN7510 (for healthcare information security in the Netherlands). Payt has held such certificates since 2016.
In the security world, you are never done. After all, what is secure today doesn’t have to be tomorrow. Therefore, internally at Payt, we are always keen on improvements and therefore analyse incoming signals from partners, suppliers and peers, as well as results of risk assessments, audits and controls. This can then lead to adjustments in policy, or other technical measures, or renewed attention to phishing mails, for example.
And so at Payt, every month is Cyber Security Month.