Security Notice
1. General
Here at Payop we maintain a strict security program aligned with recognized industry standards, designed to:
- safeguard sensitive data;
- protect against potential threats or vulnerabilities affecting its security or integrity;
- prevent any unauthorized access or disclosure of sensitive data.
This notice serves as a guide for our Merchants, Payers/End-Users and guests of our Website and provides information on the following:
- What security measures we maintain
- What Merchants, Payers/End-Users and guests of our Website should do if they suspect anything unusual
- How clients can report suspicious or unauthorized activity
- How we respond in the event of a security incident
2. Security measures
Payop has documented internal Information and Communication Technology (“ICT”) policies and procedures which outline the security risk management framework, risk mitigation, escalation and reporting, security incident action plans and subsequent improvements on a “lessons learned” basis.
Payop implements a broad range of information security measures across organizational, technical, and procedural areas.
In maintaining security measures Payop strictly adheres to the following regulatory references:
- ISO / IEC 27001: 2022 “Information technology. Security Techniques. Information security management systems. Requirements.”
- ISO / IEC 27002: 2022 “Information technologies. Security Techniques. A set of rules for managing information security.”
- PCI DSS
- GDPR
- NIST
Payop protects data using the following measures:
- Data is encrypted both in transit and at rest;
- Only authorized personnel can access client information, enforced with multi-factor authentication and strict permissions;
- We use firewalls, intrusion detection, and secure hosting providers;
- Regular, encrypted backups are stored securely and tested for recoverability;
- Our vendors are always subject to checks regarding their handling of sensitive data and their compliance with their contractual obligations;
- Logging and monitoring of any alerts;
- Malware protection;
- Regular penetration testing and management of vulnerabilities;
- Business continuity and disaster recovery plans for the uninterrupted safeguarding of sensitive data and provision of our services.
3. User’s responsibilities
To stay safe while using Payop, you have to follow basic rules to eliminate any risk of your data and access being compromised:
1. Keep your password strong, secure and confidential. You will not employ any password structure or characteristic that results in a password that is predictable or easily guessed including, but not limited to, words in a dictionary, derivatives of user IDs, common character sequences, personal details, or any part of speech. You will never share or reveal your password to anyone. You will not store fixed passwords in any computer files, such as logon scripts or computer programs, unless the passwords have been encrypted with authorized encryption software. You will not write down your passwords unless a transformation process has concealed them, or they are physically secured, such as placed in a locked file cabinet. Remember to change your password from time to time and whenever you suspect unauthorized access attempts.
2. Enable Two-Factor Authentication. Adding another source of authorization like email or phone significantly boosts the security of your data in case your primary credentials are stolen or compromised.
3. Log out of your session when required. Do not keep your session active when it is not in use, to prevent any unauthorized access from your device on-site. Use a proper password system on your device/operating system to avoid unauthorized access.
4. Review activity in your account. Always be aware of any activity within your business and whether it corresponds to the activity within your account. If you notice any unexplained and unusual transactions you think were not authorized by you, change your password and other credentials immediately. Contact us to report such an incident.
5. Contact us. In case of any security incidents please contact us at support@payop.com so we can react to the incident, help you protect your data, assess the severity and avoid or mitigate any consequences.
6. Contact your bank and local authorities. In case you suspect you became a victim of fraud, identity theft or other crime, contact your bank to collect as much data as possible and consider reporting the crime to your relevant law enforcement agency.
4. Security incident reporting
You may become aware of a security or data breach, for example:
- Suspicious or unauthorized account activity;
- Phishing attempts (email, SMS, phone);
- Lost or compromised credentials;
- Suspicious or fraudulent transactions;
- Device theft or unauthorized device access;
- Unusual notifications.
In any such case, you should immediately follow procedures to safeguard your account by changing your passwords, enabling two-factor authentication and contacting us at support@payop.com with the email topic “Security Incident – Urgent”. You should further specify:
- Your name;
- Your contact details;
- Description of the incident, data compromised;
- Any reference data (Merchant IDs, transaction IDs, support ticket IDs, etc.).
5. Summary
At Payop, we are committed to safeguarding any sensitive data. In case you have any questions regarding this notice, please contact us at support@payop.com.