Security Policy

A security policy for data protection and card payments includes the following:

  1. Access Control: Limit access to sensitive data and payment systems only to authorized personnel with a need to access such information. Login credentials are strong and periodically updated.

  2. Data Encryption: All sensitive data is encrypted both at rest and in transit, using industry-standard encryption protocols.

  3. Regular Software Updates and Patching: Software used in handling card payments and sensitive data is up-to-date with the latest security patches and software updates.

  4. Audit Trail and Monitoring: A log of all transactions and system access, and monitor these logs for any suspicious activity or potential security breaches.

  5. Incident Response Plan: Well-documented plan for responding to security incidents, including clear roles and responsibilities, communication protocols, and steps to contain and remediate any potential security breaches.

  6. Employee Training: All employees who have access to sensitive data or payment systems receive regular training on security policies and best practices, including how to identify and report potential security threats.

We comply fully with European and Estonian regulations and are permanently supervised by the Rahapesu Andmebüroo.