Note: This article is relevant to merchants integrating with Zepto in Australia.
To do this, we supply a UI that securely receives a customer's online banking credentials and uses them to fetch a list of eligible bank accounts for the customer to select from. This ensures not only that the bank account details are correct but also that the customer has access to this bank account.
No caching of requests is performed on our servers.
We do not capture or store usernames or passwords.
We utilise the highest standards of encryption.
During a Zepto transaction, no one can access or see your internet banking login credentials. All communication via Zepto takes place using HTTPS transport level security and no sensitive information is stored (not even cached).
To maintain our high security standards, Zepto Payments has undertaken the following:
We use a proxy server between the customer and the internet banking site, which has advanced security against DNS poisoning and other threats.
We have numerous server-side transaction integrity checks to ensure no tampering has occurred.
Our development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
Only required personnel have access to the production environment.
Our physical infrastructure is hosted and managed in an ISO 27001, SOC 1 & SOC 2, PCI Level 1, FISMA Moderate and SOX certified data centre.
We conduct behavioural monitoring, vulnerability assessment, SIEM and intrusion detection to detect threats and keep our system safe and secure.
Firewalls are utilised to restrict access to systems from external networks and between systems internally.
If you have further questions, feel free to reach out by emailing us directly at firstname.lastname@example.org or by clicking the green bubble icon in the corner of the screen.