SECURITY001 - Security overview

Modified on Mon, 12 May at 3:12 PM

Security is paramount when dealing with financial transactions and payments. For over 10 years, XTRM has developed and implemented a range of advanced, integrated security measures to ensure system integrity and data protection.

 

Password Protection

  • Complex Password Access: All user access requires complex passwords with a minimum of 8 characters, including numbers and special characters.

  • SHA Encryption with Salt: All passwords are securely stored using salted SHA hashing, so they cannot be decrypted.


Access Controls

  • Access Lockout: Multiple failed login attempts result in account lockout and are logged for security monitoring.
  • IP-Based Access: IP-specific restrictions can be implemented for controlled and secure access.
  • Location-Based Access: Geographic restrictions can be applied for an additional layer of protection.
  • One-Time Passwords (2-step authentication): OTPs are used for added security, with validation based on both device and IP.
  • CAPTCHA Protection: CAPTCHA technology is in place to prevent automated attacks and ensure that only legitimate users gain access.


Role & Activity Monitoring

  • Advanced Role-Based Access: Multi-tiered, role-specific access allows for granular user permission control across teams and departments.

  • Real-Time KYC Validation (Know Your Customer): Immediate verification of individuals and companies during onboarding and payment transactions.

  • Real-Time AML Validation (Anti-Money Laundering): Instant checks on all payment activity to detect and prevent suspicious transactions.


Data & Network Security

  • Secure Encrypted Data: All data is encrypted both at rest and in transit using state-of-the-art methods. Detailed specifications are available upon request.
  • Regular Independent Site Scans: Third-party vulnerability scans (static and dynamic) are conducted regularly using providers such as Veracode and Trustwave.

  • Firewall Protection: Enterprise-grade firewall systems guard against unauthorized access.

  • Web Application Firewall (WAF): Protection against DoS/DDoS attacks, spam bots, and SQL injection threats.

  • Physically Secure Servers: All servers are housed in highly restricted facilities with secure passkey access and monitoring.

Compliance & Policies

  • SOC1 and SOC2 Compliant: Certification documentation available upon request.
  • PCI Compliant: Subject to regular external vulnerability assessments.
  • Security Policies: Formal, documented security policies are in place and regularly reviewed.


