Security Considerations

We recognize that security is a primary concern to any online business and to businesses in the payment industry in particular. With numerous threats confronting online businesses and their customers every day, we have made it our number one priority to safeguard your payment processes and data.

In this section we explain what we do to keep your data safe and your customers protected. We also lay out the steps you can take to develop and maintain a proactive security strategy in your organization.

Payment Card Industry Data Security Standard (PCI DSS)

Zooz is certified to PCI Service Provider Level 1. This is the highest level of certification available in the payments industry. You can find us on Visa’s Global Registry of Service Providers.

Single Sign-on (SSO)

Single sign-on (SSO) is a session and user authentication service that enables users to securely authenticate with multiple applications and websites using one set of login credentials. With SSO, your organization’s password policy and authentication requirements are enforced at user login, passwords are kept with your preferred identity provider (IdP), and users have the same login experience across all applications in the enterprise.

Implementing SSO with PaymentsOS based on SAML 2

If desired, we can configure your PaymentsOS environment to use SSO based on the XML-based Security Assertion Markup Language (SAML) 2 protocol. With SAML, you can transfer user information between services, such as from Okta to PaymentsOS.

If you want us to configure your PaymentsOS environment to use SSO based on the SAML 2 protocol, provide us with the following:

  • SSO provider name

  • The metadata.xml file holding the XML metadata of the SAML Identity Provider

We will then send you the following information, which you can use to update the IdP:

  • PaymentsOS metadata.xml

  • Related domain

  • SSO URL

  • Audience URI

  • Default RelayState

Responsible Disclosure Policy

At Zooz we value the security community and believe that a responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We also value the hard work that goes into security research. If you have discovered a security vulnerability in our website or API, we appreciate your help in disclosing it to us in a responsible manner. To show our appreciation for security researchers, we operate a bug bounty (reward) program for those who have responsibly disclosed vulnerabilities to us.

Last modified March 16, 2023