As SHOPLAZZA continues to build its brand in the industry, one of its biggest concerns is securing its customer data. As with any other business, securing customer data is a responsibility that shouldn't be taken lightly.
To ensure that its partners', merchants', and end consumers' data is secure, SHOPLAZZA has allocated significant resources to both hardware and software for cyber security purposes across three key areas. They include:
- Encrypting data: SHOPLAZZA has clear data classification guidelines and strictly encrypts sensitive data. It has also built an extra layer of 'protection': data anonymization, which removes or modifies personally identifiable information so that no individual can be associated with such data.
- Data partitioning: In a multi-tenant system, the data for each tenant is associated with a unique key and stored in its own module. To guarantee isolation, each module can be held within its own database shard.
- Limiting data access: SHOPLAZZA uses role-based access control to restrict system access to authorized users only. Each employee has a certain amount of data they can access, depending on their role in the business.
Most importantly, SHOPLAZZA is compliant with PCI DSS Level 1, the highest level of PCI DSS. The PCI DSS has twelve requirements, each of which covers a different aspect of security. With PCI compliance, SHOPLAZZA has an additional level of protection in storing, processing, and transmitting cardholder data.
According to Bing Xia, CTO of SHOPLAZZA, the company also works with technology vendors to deploy sophisticated DDoS and WAF solutions. Xia explained that their DevOps team has deployed automated security checks in their code pipeline, and is constantly improving the ability of these checks.
“We regularly perform penetration tests with our security teams and are looking for more interaction with the ethical hacker community so that we can work together to find more vulnerabilities,” said Xia.
He added that the main challenge lies in their codebase, which is constantly changing, and every change could potentially lead to new vulnerabilities. Hence, besides raising the security around systems to a very high level, the company has deployed a data-centric approach including data discovery, classification, encryption, and tokenization.
At the same time, SHOPLAZZA's partner Stripe also ensures that its users, such as SHOPLAZZA, are supported and that they are aligned with their security goals and purposes. One way is by helping them to address fraudulent transactions.
“We have launched tools such as Radar and Identity to help our customers detect and block fraud. Radar helps detect and block fraud for any type of business using machine learning that trains on data across various global companies. It is built into Stripe, meaning that users require no additional setup to get started,” stated a Stripe spokesperson.
Meanwhile, Stripe Identity lets companies programmatically confirm the identity of global users, which allows them to prevent attacks from fraudsters while minimizing friction for legitimate customers.
When it comes to navigating the financial regulations of the countries in which SHOPLAZZA does business, Stripe works with some of the largest and fully regulated financial institutions around the world to create a platform designed to help SMEs stay up-to-date with new features or changing regulations.
For example, in Singapore, in order to comply with the specific regulatory requirements, Stripe introduced measures such as a usage survey, enhanced identity verification, and the collection of additional Know-Your-Customer (KYC) information.
“Our extensive network and understanding of regulations in various local markets have empowered us to support our users, and in turn, their end customers accordingly. For example, our registration and KYC processes are straightforward for new online users and they are able to onboard onto us within minutes and start running,” stated Stripe.