We take user and system protection very seriously. The following are the ways in which we try to protect PayOff and our users.
- TLS - All communication between PayOff and the user is protected by "Transport Layer Security" through a valid digital certificate. For more information, please refer to Public key infrastructure.
- Message Encryption - PayOff has end-to-end message encryption enabled by default for key information exchange.
- Data at Rest Encryption - File-system-based, block-level encryption.
- Custom Security Layer - Every request received by the PayOff server gets verified against hundreds of custom rules before it is processed, to ensure we serve only legitimate users.
- Protection against injection attacks.
- CSP Enabled - Ensures scripts are loaded from trusted domains only.
- Access Key & Secret Key - Apart from protecting user accounts through a standard password, we also offer more levels of security features to users on an opt-in basis.
- WAF - Amazon's industry-leading web application firewall.
We've added a dedicated page with all security incidents detected by PayOff (shown here) so that we and other security researchers and experts can study and analyze various threat vectors.
We try our best to provide you with a clean interface, but human error is always a possibility. In case you find any errors, please report them from here.