Security
Security is essential to everything we do. We’ve built advanced security into our products from the ground up to make them secure by design. Below, we outline how we protect customers’ data. If you have specific questions or concerns, contact us at security@fidelapi.com.
Accessing customer data
Access controls
Role-based access controls are enforced at each layer of infrastructure. Multi-factor authentication is required for access to Fidel infrastructure. All application and user access logs are stored centrally and monitored.
Traffic controls
Fidel API only allows client requests using strong TLS protocols and ciphers. Communication between Fidel infrastructure and financial institutions is transmitted over encrypted tunnels. All client communication with Fidel API requires API key authentication and utilizes cryptographically hashed headers and timestamps to verify authenticity.
Protecting customer data
We can’t access your details, and neither can anyone else. As soon as a customer links their card through a secure SDK iFrame and TLS channel, Fidel encrypts their details with bank-level security encryption. That encryption, or tokenization, replaces the customer’s details with a token ID, so Visa, Mastercard or Amex can let us know when a consenting customer has made a transaction.
Fidel is PCI Level 1 compliant, which means we have been approved by an independent Qualified Security Assessor (QSA) to safely and securely handle cardholder data during credit card transactions. The Payment Card Industry Data Security Standard (PCI DSS - 2006) is an industry-wide standard created by the five largest card networks to ensure that card payment processors safely and securely accept, store, process, and transmit cardholder data. All personal information we collect is stored on secure servers. We ensure that the personal information we hold is protected from misuse, interference, loss, unauthorised access, modification or disclosure through various methods, including access limitation and industry-standard Secure Sockets Layer (SSL) encryption technology. Security safeguards include data encryption, firewalls, and physical access controls to buildings.
Routine tests
Fidel runs routine (nightly) tests and regularly undergoes external network penetration tests and third-party code reviews. We publish all issues on our Status page.