Last Updated: March 21, 2026

Security Policy

At PaySwiift, your security is our top priority. Learn how we protect your information and keep your money safe.

Effective Date: January 1, 2024
Version 1.0.0
ISO 27001 Certified
PCI DSS Level 1
SOC 2 Type II Audited
GDPR Compliant
1. Our Security Commitment

"Your security is our foundation"

At PaySwiift, we understand that entrusting us with your money and personal information is a significant responsibility. We are committed to maintaining the highest standards of security to protect your data and transactions.

Our security program is built on three core principles:

  • Prevention - Proactive measures to stop threats before they reach you
  • Detection - 24/7 monitoring to identify suspicious activity immediately
  • Response - Rapid action to mitigate any security incidents

We regularly undergo independent security audits and penetration testing to validate our controls. Our team of security experts works around the clock to ensure your information remains safe.

2. Encryption & Data Protection

We use military-grade encryption to protect your data at every stage:

Data at Rest

All sensitive data stored on our servers is encrypted using:

  • AES-256 encryption - The same standard used by governments and militaries worldwide
  • Hardware Security Modules (HSM) for key management
  • Encrypted backups with geographic redundancy

Data in Transit

All information traveling between your device and our servers uses:

  • TLS 1.3 protocol - The latest, most secure encryption standard
  • Perfect Forward Secrecy (PFS)
  • Certificate pinning to prevent man-in-the-middle attacks

End-to-End Encryption

Our mobile app uses end-to-end encryption for all sensitive communications, ensuring that even if data is intercepted, it cannot be read without your unique decryption key.

3. Authentication & Access Control

We provide multiple layers of authentication to ensure only you can access your account:

Password Security

  • Minimum 8 characters required
  • Must include uppercase, lowercase, numbers, and special characters
  • Passwords expire every 90 days
  • Password history prevents reuse of last 10 passwords
  • Breached password detection - we check against known compromised passwords

Multi-Factor Authentication (MFA)

We strongly recommend enabling MFA for additional security:

  • SMS verification - One-time code sent to your phone
  • Authenticator apps - Google Authenticator, Authy, Microsoft Authenticator
  • Biometric authentication - Fingerprint, Face ID, or voice recognition
  • Hardware security keys - YubiKey support

Login Attempt Limits

After 5 failed attempts, your account is locked for 30 minutes

Session Timeout

Automatic logout after 30 minutes of inactivity

Device Management

View and manage all devices with access to your account

New Device Verification: When you log in from a new device, we'll send a verification code to your registered email or phone to confirm it's you.

4. 24/7 Security Monitoring

Our security operations center (SOC) monitors your account around the clock for suspicious activity:

What We Monitor:

  • Unusual login locations or times
  • Multiple failed login attempts
  • Unusual transaction patterns or amounts
  • Transactions in high-risk locations
  • Rapid succession of transactions
  • Changes to account settings or contact information

Automated Protection:

  • AI-powered fraud detection - Machine learning models identify patterns indicative of fraud
  • Real-time transaction scoring - Each transaction is risk-scored before approval
  • Behavioral analytics - We learn your typical behavior to spot anomalies
  • Automated blocking - High-risk transactions are blocked automatically

Real-Time Alerts

You'll receive instant notifications via SMS, email, or push notification for:

  • Transactions above your configured threshold
  • Login from new devices or locations
  • Changes to account settings
  • Failed login attempts

5. Fraud Prevention Measures

We employ multiple layers of protection to prevent fraud:

Card Security

  • EMV chip technology (prevents card cloning)
  • CVV/CVC verification for online purchases
  • 3D Secure for online transactions
  • Card freeze/unfreeze from mobile app
  • Location-based card controls

Mobile Security

  • App lock with PIN or biometrics
  • Remote logout of all devices
  • Secure enclave for key storage
  • Jailbreak/root detection
  • Screenshot blocking in sensitive screens

Identity Verification

  • KYC verification required
  • Document verification with liveness detection
  • Facial recognition for high-value transactions
  • Knowledge-based authentication (KBA)

Transaction Controls

  • International transaction toggles
  • Merchant category blocking
  • Recurring payment management

Know Your Customer (KYC) Requirements

To comply with anti-money laundering regulations and prevent fraud, we require identity verification. All users must complete KYC verification before making transfers.

6. Security Best Practices

While we implement robust security measures, your actions also play a crucial role in keeping your account safe:

Do's

  • Use a strong, unique password for your banking account
  • Enable multi-factor authentication
  • Keep your contact information up to date
  • Review account statements regularly
  • Log out after each session
  • Use official PaySwiift apps only

Don'ts

  • Never share your password, PIN, or OTP with anyone
  • Don't use public Wi-Fi for banking
  • Don't click suspicious links in emails or texts
  • Never install apps from unknown sources
  • Don't save passwords in browsers
  • Never respond to unsolicited requests for information

Phishing Awareness

We will never ask you for:

  • Your full password
  • Your PIN
  • One-time passwords (OTPs)
  • CVV/CVC codes

If you receive such requests, report them immediately to security@payquin.com

7. Incident Response & Reporting

If you suspect any security issue with your account, take immediate action:

Lost/Stolen Card

Freeze card instantly in app

+1-800-EMERGENCY

Suspicious Activity

Report unauthorized transactions

+1-800-123-4567

Phishing Attempts

Forward suspicious emails

security@payquin.com

Our Incident Response Process:

  1. Immediate containment - We'll freeze affected accounts/cards to prevent further unauthorized access
  2. Investigation - Our security team investigates the incident within 24 hours
  3. Notification - If your data is affected, we'll notify you within 72 hours (as required by law)
  4. Remediation - We implement measures to prevent recurrence
  5. Regulatory reporting - We report significant incidents to relevant authorities

Zero Liability Guarantee: You won't be held responsible for unauthorized transactions reported promptly.

8. Certifications & Compliance

We maintain industry-leading certifications and comply with global security standards:

ISO 27001 Certified
PCI DSS Level 1
SOC 2 Type II
GDPR Compliant
CCPA Compliant
FFIEC Guidelines
NIST Cybersecurity Framework

Regular Audits:

  • Independent third-party security audits (quarterly)
  • Penetration testing by certified ethical hackers
  • Vulnerability assessments and continuous scanning
  • Compliance reviews for regulatory requirements

Security Reports: Qualified customers can request our SOC 2 Type II reports and security certifications under NDA.

Report a Security Issue

If you've discovered a security vulnerability or need to report an incident, contact our security team immediately.

PGP key available for encrypted communication. Key ID: 0x12345678

Emergency Security Hotline

For immediate assistance with lost/stolen cards or suspected fraud, call our 24/7 emergency line:

+1-800-EMERGENCY

Available 24 hours a day, 7 days a week

Questions About Our Security?

Our security team is available to address any concerns.

PaySwiift is a registered financial institution