Built with security top of mind. Customer trust and data security are priorities at Prommt.
Merchant data is safeguarded with enterprise-level security embedded within the platform and payment journeys. We are PCI Level 1 certified. Payments made via bank are conducted using PSD2/open banking protocols and protected by industry-standard banking security. Customer data is managed in compliance with EU GDPR, the UK Data Protection Act 2018 and PIPEDA in Canada.
Prommt has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. Card storage and recurring payments are facilitated with tokens, rather than card numbers.
We conduct regular audits, vulnerability scans and pen-tests with our independent Qualified Security Assessor. Our Attestation of Compliance (AOC) is available on request.
Prommt’s payment journey begins with email and SMS, which direct the customer to a payment page embedded in the client website in an iframe, and ends with an email receipt and an alert to the merchant confirming the outcome, whether successful or not. Links are sent from the merchant’s email address and contain a recognisable URL on the merchant’s website, leading to a secure payment form for card and bank payments. This payment journey is visibly native to the retailer, providing confidence and reassurance to the payer.
Security by Design
Prommt follows the OWASP standard for generating secure code and preventing the most critical security risks to web applications. Our technology stack is supported by top-tier providers like Amazon Web Services to ensure best-in-class security, response time and uptime. We have uptime of 99.9% or higher.
Prommt enforces a password complexity standard and securely stores credentials using a password-based key derivation function (bcrypt). Two-factor authentication (2FA) is available to all accounts. Account owners can set permission levels for all roles within the account, restricting access to sensitive capabilities like refunds.
All employees are required to complete Security and Awareness training annually. Prommt has developed a comprehensive set of security policies covering a range of topics.
Monitoring and Backup
All actions taken on production consoles or in the Prommt application are logged and monitored, with alerting configured. Prommt utilises multiple availability zones, which provide redundancy in case of failure, backed by thoroughly tested Disaster Recovery procedures.