Security and regulatory compliance
Security & compliance

Regulatory compliance and security are the foundation of our platform

We prioritise regulatory compliance, safety, and security as core elements of our platform. By collaborating closely with our banking and technology partners, we ensure the deployment of best-in-class tools and practices to maintain the highest standards of security and compliance

Find out more

Security at Floatpays

We recognise the critical importance of maintaining a secure environment on our platform. Through advanced technologies and stringent protocols, we've established robust security measures to protect our users and uphold the integrity of our systems.

We take care of all the necessary regulatory requirements and manage sensitive financial and employee data to ensure fully compliant financial products and operations.

authentication
Authentication & Authorization

We enforce strict role-based access control and multi-factor authentication to protect our APIs and management functions, ensuring the highest level of data security.

Risk assessment
Risk assesement

We regularly evaluate risks across our data, systems, and infrastructure to stay ahead of potential threats and effectively implement mitigation strategies.

Penetration testing
Penetration testing

Our systems are subjected to regular testing by certified third-party security services to ensure robust protection.

Vulnerability scans
Vulnerability scans

We conduct frequent vulnerability scans to proactively identify and address any threats, maintaining the integrity of our systems.

Training
Training

All Floatpays employees with system access are required to complete annual training on FSCA protocols and best practices

Infrastructure security

Privacy
Privacy

We follow rigorous procedures covering storage and handling of data, to comply with applicable financial and privacy laws.

Audit logs
Audit logs

We collect audit trails for all system-level events of our infrastructure

Data encryption
Data encryption

We use TLS 1.3 and AES 256 encryption to protect data during transit and at rest, ensuring both data integrity and confidentiality.

Segmentation
Segmentation

Our production, sandbox and QA environments are fully segregated with different access control lists.

Network
Network

We maintain strict filters for traffic via security group rules, for both inbound and internal traffic.

Platform security
Product security

Product security

API key and oauth2 scopes
API Key and OAuth 2 Scopes

Access for client systems is scoped by their tokens which ensures that each client can access only the subset of resources designated for them.

JWT token
JWT based token access for customers

Separate JWT based authentication for end users coupled with multi-factor authentication which ensures a specific user has access only to their allowed data and features.

Token expiration
Token expiration

All tokens are short-lived, limiting the possibility of compromise.

SSL certificates
SSL and EV certificates

We use TLS 1.3 and 1.2 certificates and EV certificates to better assure its identity to clients.

Roles and permissions
Roles and permissions

Role-based access controls limit user access to a specific subset of data based on their assigned role when logging into applications.

Availability

redundancy
Redundancy

Our platform is designed for high availability, minimising failover and recovery times.

backups
Backups

All production data is regularly backed up and stored within the same jurisdiction.

Monitoring
Monitoring

Continuous infrastructure monitoring promptly alerts any failures, minimising recovery times.

Business continuity
Business continuity

A tested business continuity plan with separate disaster recovery infrastructure is in place to address disruptions.

Security reporting
Security reporting

At Floatpays, we emphasise the importance of responsible disclosure when it comes to security concerns surrounding our offerings. We value engagement with individuals who report vulnerabilities in a positive and professional manner, ensuring customer protection.

Availability and security

Our accreditations

We hold key accreditations that underscore our commitment to compliance, excellence and professionalism 

FSCANCRPOPIAPASA

Authorised financial services provider under the Financial Advisory and Intermediary Services Act (Act No. 37 of 2002) Licence number: FSP 52120
Registered credit provider in terms of the National Credit Act. Registration number: NCRCP 16757
Registered in terms of the National Payments System Act, 1998, as a Third-Party Payments Provider (PASA)
Registered with the Information Regulator, in terms of Section 55(2) of the Protection of Personal Information Act 4 of 2013 (POPIA)

Fill out the form to request a demo

Thank you! Our sales team will reach out to you soon to introduce you to our exceptional product.
Oh no!
Something went wrong while submitting the form. Please try again or reach out directly to our team at hello@floatpays.co.za