July 2022

Securing the Future

In the credit card industry, threats to data security are becoming increasingly complex and advanced by the minute. Today, it is more important than ever to build and maintain leading security measures that are built for the digital world and adaptable for the future. While many companies are building credit card programs every day, not many know what makes a security system effective in today’s world. Here’s how Deserve’s platform utilizes the most advanced and modern technology to prevent and address security threats.

Construction

Building a comprehensive, battle-tested security system is actually a lot like building a house. When you build a new house, you can personally ensure it has everything you want and need built into its foundation. But, if you buy an older house, what you see is often what you get. Of course, you can make changes, but they’ll often be costly and still not as high-quality as a brand-new house.

Wondering how this all relates to security? Essentially, if modern and thorough security measures aren’t included in the fabric of every credit card program, they only get more difficult and expensive to implement down the road. As a cloud-based company, Deserve’s security was built with modern threats in mind, which means that our security measures are more agile and responsive than traditional banks. 

Tokenization

As a digital-first company, we have implemented fully modern and digital security methods to ensure the safety of our company, our partners, and our consumers. As a PCI-compliant company, we tokenize information, which means we don’t technically store sensitive data–we ensure that all sensitive data is replaced with random, nonsensitive data. The nonsensitive data is called a token. Meanwhile, the sensitive data is stored in a separate, undisclosed location and can only be recovered with a secure key. That means that if there’s ever a breach, the only data that will be compromised is nonsensitive tokens, which doesn’t threaten the security of our company, our consumers, or our partners.

To visualize it, think about tokenization as a boat with watertight doors. Even if some water gets on the main deck, the water won’t leak into any enclosed areas, and the situation can be easily contained, managed, and rectified. In the same way, we keep bad actors out of any areas that contain sensitive information. 

Security Information and Event Management (SIEM)

At Deserve, we work with industry-leading vendors to ensure watertight security. Our cloud-based SIEM tracks north-south traffic (also known as traffic coming into and out of our platform), as well as east-west traffic (traffic moving within our platform). This information is not hosted on our infrastructure but on a separate platform so that, like tokenization, the sensitive information is inaccessible to security threats. 

Humans will never be able to anticipate security issues as comprehensively or quickly as artificial intelligence (AI), which is why we use AI and machine learning to notice patterns and trigger an alert if there’s an aberration in the pattern. Thanks to our partner Traceable, our APIs are continuously secured with deep visibility, real-time protection, and threat analytics.

While PCI standards dictate a security scan once a quarter, we run them more frequently because no malicious actor is bound by a schedule. And while scans are a great way to stay ahead of potential issues, we also leverage Bugcrowd and their army of security researchers to continuously probe and poke at our platform to make sure we get the best possible coverage.

Built for you

At the end of the day, we take the security of your data and your customers seriously. Not only have we built industry-leading security from the ground up, but we’re also constantly evolving to make sure your credit card program has the best possible protection. Learn more about Deserve today by visiting our website!

Recent posts