Security is in our topmost priority, and as such, we do our best to protect the confidentiality of all of your transactions. We make sure that our security system meets standard world-class security practices which are also aligned with standard security practices of local banks, international gateways,and the local government.
We store our service application logic in AWS (Amazon Web Services) cloud infrastructures that provide multiple level security right from the operating system of the host platform, firewall, and API calls.
This means that basic infrastructure running all cloud service such as software, hardware, networking, including all basic security requirement such as guest operating system (OS) and database patching, firewall configuration, and disaster recovery are built to meet the requirements of world-class security standards.
Here are several ways how we make sure the information stored in the cloud is secure:
- HTTPS for secure connections We establish a secure communication sessions through secure HTTP access (HTTPS) when you are accessing our API endpoints. All communication must be made using Secure Sockets Layer (SSL), a cryptographic protocol, meaning that all information sent becomes unreadable to everyone except for our server. This protects your information against malicious attempts such as eavesdropping, tampering, and forgery and against security attacks such as phishing, man-in-the-middle attacks and DDoS attacks.
- ISP Secure Network AWS allows us to provide you with dedicated network devices to manage interfacing communications with Internet Service Providers (ISPs). This is done to make sure that you can access our system securely when connecting with your ISP. We also use leased line to ensure the privacy and security of connection between us and the banks.
All data that flows through our system is important and confidential. It includes personal data, financial data, transaction history, and other information that pass through our system. Here are several measures that we take to keep your data safe:
Restricted access For your privacy, access to all of your personal and financial data that flows through our system is restricted by default. Only Xendit and you, as the owner, can access this data. For maximum security, you must access your data via SSL encrypted endpoints so that the data is transferred securely.
Encryption at rest for sensitive data and communication All information is encrypted using 256-bit Advanced Encryption Standard (AES-256) which is almost impossible to decipher from its encrypted form because the cipher keys are unique and impossible to guess. This level of encryption is highly secure and used most often for communications with banks to maintain the privacy and security of customers.
Data Integrity Verification We regularly verify the integrity of the data on all traffic to check for data corruption.