RapidPay (which comprises the service RapidPay) is operated by Rapid Financial Services Solutions Pty Limited ABN 25 603 888 179, AFSL 485573. In addition, RapidPay is certified PCI DSS compliant.
This Information Security Policy applies only to the RapidPay service, whether delivered via a web page owned and operated by RapidPay or as an embedded iFrame within a website.
RapidPay’s cloud infrastructure is maintained by the industry-leading cloud platform provider, Amazon Web Services (AWS), in multiple unmarked facilities within the Sydney region.
The terms of agreement between RapidPay and AWS are here: aws.amazon.com/agreement.
AWS holds a substantial number of certifications and compliance attestations against industry standards, which recognise best practices in Information Security.
For a full listing of AWS certification and compliance, visit aws.amazon.com/compliance.
RapidPay utilises multiple layers of security controls (software, physical and process based) to protect our client data. These include, but are not limited to:
Local & Network Firewalls
Web Application Firewalls
Intrusion Detection & Prevention Systems
Application Whitelisting
DDoS Throttling Services
Access Control Lists
Security Patch Management
ITIL Framework (release/incident/change)
Identity and Access Management
Centralised Log Management
Symmetric and Asymmetric Encryption systems
Two Factor Authentication
Secure Code Reviews
Separation of Duties
Data Loss Prevention
Externally commissioned penetration testing
Externally commissioned audits
Remote Monitoring & Alerting
Each RapidPay application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery.
Once client data reaches RapidPay's cloud infrastructure, all information is then encrypted at rest using AES-256, military grade encryption. This is done to protect client information in the event a RapidPay server is compromised by an unauthorised party.
All RapidPay staff who have direct access to our cloud infrastructure must go through an extensive vetting process, which includes police background checks, to ensure only bona fide team members are selected to look after our core platform.
RapidPay has been designed to be a highly available, active-active solution. RapidPay services are split over multiple AWS data centres within the Sydney region. In the event of one data centre going offline in a disaster scenario, the second data centre continues to serve data with minimal, if any, service interruption.
RapidPay's service is designed to scale up as more clients use it at peak times, and to scale down at low times. This scaling allows RapidPay to mitigate external attacks that try to flood our system resources.
RapidPay servers are backed up multiple times daily, weekly and monthly.
RapidPay is monitored 24 hours a day, 7 days a week, 365 days a year.
Found a Vulnerability?
At RapidPay, we strive to have the most secure solution we can. If you believe you’ve found a security vulnerability in our platform, please let us know on firstname.lastname@example.org.
Report a Data Breach
If you believe RapidPay client information has become publicly available outside of RapidPay, please contact us immediately on email@example.com for validation.
RapidPay has a duty of care for our clients’ data. If a data breach occurs, we must notify affected clients immediately.
Policy updated March 2018