Security Considerations

We recognize that security is a primary concern to any online business and to businesses in the payment industry in particular. With numerous threats confronting online businesses and their customers every day, we have made it our number one priority to safeguard your payment processes and data.

In this section we explain what we do to keep your data safe and your customers protected. We also lay out the steps you can take to develop and maintain a proactive security strategy in your organization.

Note

Naturally, there are many ways to protect your enterprise from malicious schemes. The information in this topic is therefore by no means exhaustive and is continuously being updated.

Payment Card Industry Data Security Standard (PCI DSS)

Zooz is certified to PCI Service Provider Level 1. This is the highest level of certification available in the payments industry. You can find us on Visa’s Global Registry of Service Providers.

Single Sign-on (SSO)

Single sign-on (SSO) is a session and user authentication service that enables users to securely authenticate with multiple applications and websites using one set of login credentials. With SSO, your organization’s password policy and authentication requirements are enforced upon user login, passwords are kept with your preferred identity provider (IdP) and users have the same login experience across all applications in the enterprise.

Implementing SSO with PaymentsOS based on SAML 2

If desired, we can configure your PaymentsOS environment to use SSO based on the XML-based Security Assertion Markup Language (SAML) 2 protocol. With SAML, you can transfer user information between services, such as from Okta to PaymentsOS.

About SAML

SAML transactions use Extensible Markup Language (XML) for standardized communication between the identity provider and service providers. SAML works by passing information about users, logins, and attributes between the identity provider and service providers. Each user logs in once to the identity provider, after which the identity provider can pass SAML attributes to a service provider whenever the user attempts to access that service. The service provider then requests authentication and authorization from the identity provider. Since both systems speak the same language, SAML, the user only needs to log in once.

If you want us to configure your PaymentsOS environment to use SSO based on the SAML 2 protocol, provide us with the following:

  • SSO provider name

  • The metadata.xml file holding the XML metadata of the SAML Identity Provider

We will then send you the following information that you can use to update the IdP:

  • PaymentsOS metadata.xml

  • Related domain

  • SSO URL

  • Audience URI

  • Default RelayState

Configuring SSO as the only option for logging in

We can enforce SSO as the only option for logging into PaymentsOS. If you want us to do so, contact our support desk so that they can configure this for you.

Responsible Disclosure Policy

At Zooz we value the security community and believe that a responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We also value the hard work that goes into security research. If you have discovered a security vulnerability in our website or API, we appreciate your help in disclosing it to us in a responsible manner. To show our appreciation for security researchers, we operate a bug bounty (reward) program for those who have responsibly disclosed vulnerabilities to us.
