Here are the steps Authvia takes:
24/7, follow-the-sun Security Operations Monitoring
- Because transactions happen around-the-clock, our security is always-on.
Principle of Least Privilege with infrastructure and system components
- To ensure every user or entity only gets the specific data, resources, and applications needed to complete tasks.
DAST (Dynamic Application Security Testing) and SAST (Static Application Security Testing) for all changes on the platform
- To stay ahead of vulnerabilities, both those exposed to front-end attacks and those in the software source code.
Annual security training is administered to all QA, Engineers, and DevOps employees and contractors.
- To maximize the organizational security competence of our conversational commerce engine.
All data is encoded at rest and in transit.
- At rest:
  - All data is encrypted before it enters our database, so it’s secure when stored.
  - Access to systems is only granted via JSON Web Token (JWT) digital signatures.
  - Payment data is tokenized into a random string of numbers before transmitting.
- In transit:
  - We use TLS 1.2 or higher, plus HSTS (HTTP Strict Transport Security). Additionally, AWS (Amazon Web Services) manages server TLS keys and certificates, which are deployed by Application Load Balancers.
Authvia maintains compliance via:
SOC 2L (the highest level of voluntary compliance), PCI-DSS Level 1 Certification, TCPA Certification
Authvia remains non-intrusive to the customer via:
- A unique 4-character code for each payment: to ensure a payment is only being applied to a specific transaction.
- Quiet Period Recognition: so that merchants can only send payment requests during business hours.
- Reminder Limits: to keep partners from spamming consumers.
- Opt-Outs: allowing consumers to stop messaging at any time.