Plooto - Next Generation Payment Processing Security

Post on 22-Jan-2017

118 views 1 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of Plooto - Next Generation Payment Processing Security

APRIL2016

NextGenerationPaymentSecurityOverview

PlootoInc.NextGenerationPaymentSecurityOverview

Contents

Introduction.................................................................................................1Overview......................................................................................................1PaymentNetwork........................................................................................2CloudPlatformInfrastructure......................................................................3PlootoPlatform............................................................................................3HowPlootoWorks?.....................................................................................5BankAccountValidation..............................................................................5Conclusion...................................................................................................6AboutPlooto................................................................................................6

PlootoInc.NextGenerationPaymentSecurityOverview

Introduction

Paymentsecurityhasgottenalotofattentionlately.Manycompanieshavebecomevictimsoffinancialandsensitivedatabreaches.LackofITspending,complexarchitecture,technologyfragmentationaswellasantiquatedandlegacysystemshaveleftmanycompaniesvulnerabletocyberattacks.ThisispreciselywhyPlooto’snumberonepriorityissecurity.Ourcloudbasedsolutiondeliversthemostsecureandmostuptodatesecuritystandardonparwithmanytopfinancialinstitutions.PlootoconsistentlymeetsorexceedsthestringentsecurityrequirementsofeventhemostsecurityconsciousorganizationsincludingFortune500companies,theworld’slargestfinancialinstitutions,andotherglobalcompanies.ThefollowingoverviewwasdevelopedbyPlootoinordertogiveourcustomersandusersvisibilityontoourcontinuedeffortstoprovidethehighestlevelofsecuritystandards.

Overview

Plootoisabusinesspaymentmanagementplatform.Plootohasbeendesignedfromgroundupwithsecurity,complianceandawidesetofsecurityfeaturesinmind.Thisoverviewidentifiessecurityguidelinesandprocesseswehaveputinplacetoensurecontinuousdeliveryofasecureplatformthatsurpassescustomerexpectations.Plootoempowersbusinessestosend,receiveandmanagedomesticandinternationalpaymentsusingacloud-basedplatform,allwhilemaintaininganunprecedentedsecuritystandardaspartofitscoredevelopmentrequirement.Inthefollowingpages,weprovideanoverviewofoursecurityapproach,whichencompassesanumberofkeyareas,includingoursecuritycertifications&tests.

PlootoInc. NextGenerationPaymentSecurityOverview

PaymentNetwork

AllCanadianpaymentsprocessedthroughPlootoaresettledthroughourpartnershipwithmembersoftheCanadianPaymentAssociation(CPA).Plooto’spaymenttechnologyisbuiltontopoftheexistingbankinginfrastructurewhichisdevelopedandmaintainedbyCPA.CPAisanon-profitorganizationthatoperatesclearingandsettlementsystemsinCanadaandisresponsibleforthefollowing:

• Operateandmaintainnationalsystemsfortheclearingandsettlementofpaymentsandotherarrangementsformakingorexchangingofpayments.

• FacilitatestheinteractionoftheCPA’ssystemswithothersinvolvedintheexchange,clearingandsettlementofpayments.

• Facilitatesthedevelopmentofnewpaymentmethodsandtechnologies.AsatrustedCPApartner,weprocessourpaymentsusingthesametechnologyasusedbythebigfivebanks.PlootocanprocesspaymentstoanyBankorCreditUnioninCanadaandUS.AspartofourintegrationprocesswithCPA,Plootounderwentverificationsandapprovalswithinthefollowingkeyareas:FullcompanybackgroundandriskanalysisFullfinancialandbackgroundauditingofourbusinessprocessesandfinancialswaspreformedbyourbankingpartners.Securedatatransfer/communicationOursystemwasvalidatedforbothincomingandoutgoingdataexchangeusingsecurechannels.SecureFileTransferProtocolisdesignedbyInternetEngineeringTaskForce(IETF)andispoweringdataexchangeformostmajorfinancialinstitutions.SystemintegrationcompatibilityContinuoustestsareperformedtoensurepaymentinstructionsarereflectinguseractionsduringthepaymentcycle.Wealsorundailyteststoensurethatthesystemisresponsiveforbothrecipientandsender’sbankcommunications.InconjunctionwithCPArequirements,we’veimplementedadditionalin-housesecuritymeasuressuchaspolicybasedfundclearing,bankaccountownershipverificationaswellaspersonalidentityverificationforadvancedfeatures.

PlootoInc. NextGenerationPaymentSecurityOverview

CloudPlatformInfrastructure

AllofPlooto’sinfrastructureelementsarehostedbyMicrosoftAzurethroughitsInfrastructureasaService(IaaS)businessunit.Microsoft,withitsuniqueexperienceandscale,deliverscloudservicestomanyoftheworld’sleadingenterprisesandgovernmentagencies.Today,theMicrosoftcloudinfrastructuresupportsover1billioncustomersacrosstheirenterpriseandconsumerservicesin140countriesandsupports10languagesand24currencies.PhysicalsecurityAzureprovidesgeographicallydistributeddatacentersthatcomplywithindustrystandards(suchasISO27001)forphysicalsecurityandavailability.Facilitiesaredesignedtorun24x7x365andemployvariousmeasuresfrompowerfailuretonetworkoutages.Centralizedmonitoringisadministeredbyoperationspersonnel.AntivirusandantimalwareVirusandantimalwaresoftwarescansallproductionandtestingdeploymentsusingindustrycertifiedtoolsthatensurecleanandstableenvironment.Routinelyscheduledscansensurethatintheeventofabreachsystemswillremainthreatfree.NetworkandDataisolationLogicalisolationandsegregatedenvironmentsensureconfidentialdataremainsinaccessibletounauthorizedparties.EncryptingdataatrestandintransitAlltrafficwithinourapplicationisencryptedusingbuilt-incryptographictechnologyusingTDS(TabularDataStream)andSSL(securesocketslayer)whenstoredonAzure’sdatacenters.Thisensuresthatourdataisneverexposedtounauthorizedthirdparties.

PlootoPlatform

Plooto’ssecureplatformencompassesournetworkanddatasecurity,platformsecurityandworkflowsecurity.

Network/DataSecurity

• End-to-EndEncryptionAllcommunicationbetweenusersandPlootoisencryptedusingthelatestSecureHashAlgorithm2(SHA2)SSLCertificates.Thisstandardisbeingutilizedbytopfinancialinstitutionsandensuresnodataisinterceptedbyunauthorizedparties.

PlootoInc. NextGenerationPaymentSecurityOverview

• EncryptedInternalCommunicationAllinternalsystemdataremainsencrypted(usingSSL)topreventloss.

• DataEncryptionAllcustomers’sensitivedataisencryptedusingAES256bit(AdvancedEncryptionStandard).ThisstandardhasbeenwidelyadoptedbyCanadianandU.S.governmentsandisutilizedworldwide.

• DataatRestEncryptionAdditionallevelsofencryptionareappliedtoensuredataisencryptedwhileresidingonphysicalhardware.

PlatformSecurity• StaffBackgroundChecks

OursupportandsecuritypersonnelgothroughathoroughbackgroundchecksbyGardaInc.

• CustomerDataAccessMonitoringAccesstothedatabypersonnelismonitored,auditable,enforcedbyrolesandissecuredthroughmulti-factorauthentication.

• ProactiveSecurityPolicyPlootoenforcespasswordpolicywithenoughentropytobenexttoimpossibletobreak.PasswordsarenotstoredincleartextbutratherhashedusingPBKDF2(Password-BasedKeyDerivationFunction2).Failedauthenticationattemptsaretracked.Additionalattemptswilltriggersecurityverificationandcouldcausetheaccounttobelockedinseverecases.

WorkflowSecurityCustomerswhowanttomirrortheirexistingworkflow(multipleco-signers,accountants,complianceetc.)caneitherselectoneofourdefaultpermissionsorcreatetheirown.

• Choosewhoinitiatespayments• Choosewhoaddsbankaccounts• Choosewhoaddspayees• Choosewhoapprovespayments• Choosewhocustomizescompanyinformation

PlootoInc. NextGenerationPaymentSecurityOverview

HowPlootoWorks?

Plootoworkswithexistingbankinginfrastructuretoreducefrictionandcosts.

Whenatransactionissubmitted,Plootosendstheinstructionstothebankstohavethemtransferthefundsbetweentwoaccounts.Paymentinstructionsaresubjecttosophisticatedalgorithmsbanksuseinordertovalidatetheinformation.

BankAccountValidation

Financialinstitutionsusesophisticatedmathematicalalgorithmstogenerateandauthenticateaccountinformationkeyedintotheirsystem.TransactioninstructionssubmittedbyPloototoabankarevalidatedusingthesealgorithms.ModulusCheckDigitRoutinesusechecksumformulasinordertovalidateaccountnumbers.TheModulus10routineisusedbyPlooto,financialinstitutionsandgovernmentagenciesasamethodofdistinguishingvalidnumbersfrommistypedorotherwiseincorrectnumbers.Thesealgorithmswerespecificallydesignedtoprotectagainstaccidentalerrorswhenenteringbankaccountinformationelectronically.Modulusroutinesinvolvemultiplyingsomeorallofthedigitsinthebranchand/oraccountnumberbyfixednumbers(theweightingfactors).Thereisaspecificweightingfactorforeachdigitusedintheverificationprocess.Theresultofeachmultiplicationissummedandthetotaldividedbyaspecificmodulusnumber. Intheeventbankinginformationisreportedasinvalid,thePlootosystemflagsthetransactionandelectronicallynotifiesoursystemadministrators.

PlootoInc. NextGenerationPaymentSecurityOverview

Conclusion

Plooto’ssecurityapproachiscomprehensive.Wemeetorexceednationalsecuritystandardsanddeliverexceptionalfinancialanddatasecurity.Ourcontinuousimprovementsandwellasclosepartnershipwithleadingtechnologyandpaymentprovidersdemonstratesourcommitmenttoworld-classsecurity.Weconsiderourcustomers’securityprioritynumberone.Oursecurityapproachencompasseseverythingfromourpeopleandprocessestoourplatformandparticipants–senders,receiver,partnersanddevelopers.Ourrobuststrategyallowsustoensuretheconfidentiality,integrity,authenticity,andnonrepudiationofourcustomers’paymentinformation,andenablesustodeliver99.99%averageuptimeandavailabilityofoursystem.

AboutPlooto

Plootoisabusinesspaymentmanagementplatform.Plootoautomatesandstreamlinesthewaycompaniespayoneanother.PlootowasnamedoneofCIX’stop20mostinnovativecompaniesinCanada.ForInquiries:Local(416)479-9656|Toll-free1(844)4PLOOTO(475-6686)|Plooto.co|@PlootoIncAddress:111RichmondStreetWest,5thFloor,Toronto,ON,M5H2G4Copyright©2015-2016Plooto,Inc.Allrightsreserved.Plooto,thePlootologo,aretrademarksorregisteredtrademarksofPlooto,Inc.inCanadaandothercountries.Allothertrademarksandregisteredtrademarksarethepropertyoftheirrespectiveholders.

Top related

Credit Card Payment Processing
 Business
AppointmentQuest Payment Processing Guide
 Documents
Next-Generation Value-Based Payment Strategies
 Documents
Credit Card Payment Processing Companies
 Internet
Abacus Payment Exchange Adds Payment Processing … · Abacus Payment Exchange (APX) is a payment processing platform that works within the company’s AbacusLaw, Amicus Attorney,
 Documents
Payment processing software
 Documents
Payment Processing Tips
 Documents
Quick books payment processing
 Business
Globepay Merchant Payment Processing Agreement
 Documents
Real-Time Payment Processing and Fraud Detection for the ...demo.rtquadrant.com/assets/Hazelcast-payment-processing-special … · Real-Time Payment Processing and Fraud Detection
 Documents
Manual Vs. Online Payment Processing Services
 Economy & Finance
BANKING-INVESTING-PAYMENT PROCESSING - FINANCE …
 Documents
Interface to Acquirint Payment Processing
 Documents
Batch Payment Processing Solution
 Documents
eComTechnology Payment Processing
 Internet
Hosted Payment Processing System
 Documents
E10 Down-Payment Processing
 Documents
Mobile Transaction Payment Processing
 Documents
Payment Processing 101
 Documents
Payment Processing - Columbia University
 Documents

Copyright © 2022 FDOCUMENTS