Nvoicepay is committed to be the leader in B2B payments. As part of fulfilling this commitment, Nvoicepay believes in a proactive, multi-layered approach to protect the confidential information belonging to its customers and the vendors they pay. This commitment is backed by industry-standard information security requirements from SOC 1 and SOC 2 to protect your confidential data and ensure the payments are processed as expected.
Security-Aware Support Team
Nvoicepay has highly-trained support staff available to assist you. Nvoicepay employees are provided with extensive security awareness training. This training helps to make users aware of not just information security basics, but also of sophisticated and damaging social engineering attacks.
Network access to confidential payment information is controlled by the implementation of industry-leading firewalls. Only explicitly trusted and configured network traffic is permitted to enter or leave the network.
Information is protected through the use or encryption both in transit and when it is stored at-rest. Strong transport encryption protocols are used to secure data in transit. Transport encryption settings with known vulnerabilities are disabled. Data encryption technology is used to encrypt data at-rest using strong encryption standards.
Anti-Virus and Anti-Malware
Endpoints are frequently scanned for the presence of viruses or malware. The scan reports are reviewed to determine if follow-up action is required.
Access to make changes to Production systems is restricted to authorized users. Business approval is required for all changes made to a Production system. Patch management procedures are established to apply the latest system and security patches.
Leveraging Secure Hosted Service Providers
Nvoicepay leverages strong physical access controls erected by reputable hosted solution providers. These environments provide assurance of physical access protection and reliable physical networking components.
All network traffic between a Production system and the Internet is profiled to identify known malware and network-based attacks. An automated response system blocks the source of malicious traffic and notifies administrators of the identified incidents.
Regular Vulnerability Scanning
Vulnerability scans are performed to identify systems that are susceptible to compromise from known attacks. These reports are distributed to administrators to take appropriate action.
Third Party Verification
Annual compliance audits are performed by third-party assessors to confirm that Nvoicepay is up-to-date with industry standard security requirements and that effective controls are established to prove security requirements are satisfied. A security firm is contracted annually to perform network penetration testing.