Security & Compliance Measures
At PayEm, we take every measure to ensure the security of your financial data. We do this in a number of ways, including:
Multi-Factor Authentication
In order to proactively protect your data, PayEm requires each of our users to opt into multi-factor authentication. This means presenting two separate factors in order to log in, such as a password plus a code sent via text.
SAML SSO Account Protection
PayEm supports SSO through your identity provider (i.e. Google or Okta IdP) using SAML.
All data is encrypted in transit using HTTPS or a similar protocol, and is securely stored with encryption at rest using AES-256 or higher standards. Where possible, we also leverage in-field encryption to protect especially sensitive information.
Least Privileges and Audit Logging
To ensure secure data access, we follow a least-privilege model as standard practice, wherein only a few select people have access to your data, and only when needed to support you. For audit purposes, all data access is logged and monitored.
To test for any potential vulnerabilities on our end, PayEm continuously conducts automated penetration testing.
PayEm is audited on an annual basis by a large external firm to ensure we continue to meet and exceed the requirements of SOC 2 Type II.
To protect against distributed denial-of-service (DDoS) attacks and attempted intrusions into our systems, PayEm uses an industry-leading firewall provider. We also enforce rate limiting to prevent brute-force attacks.
Trusted Third Parties
We only work with third parties that adhere to security protocols that meet or exceed our standards.
GDPR & CCPA
At PayEm, we invest significant efforts and resources to ensure that our products and practices comply with global data protection and privacy laws that apply to us and our customers, such as the GDPR and CCPA. PayEm ensures data protection and privacy by design, by combining enterprise-grade security features with comprehensive audits of our policies, applications, systems, and networks.
PayEm is committed to providing our customers with the highest standard of financial data security and has attained both SOC 1 and SOC 2 Type II attestation.
We are audited annually by third-party accounting firm EY to meet and exceed the standards of SOC 2 Type II. We place a high priority on information security compliance to protect our customers' personal and financial information. Achieving SOC compliance means that our customers can be assured that their sensitive information is managed with robust security care and that EY has tested the effectiveness of our controls with no deviations.
Our SOC 2 report demonstrates that our processes and practices align with the globally recognized security, availability, and confidentiality criteria. Undergoing a SOC 2 audit also assists us with continuously improving our overall security processes and procedures.
PayEm’s SOC 1 report provides assurance to customers that their financial information is being managed responsibly with the appropriate levels of security and accuracy. Customers can rest assured that we are dedicated to protecting their data and to continuously improving our security measures.