Safe and secure transactions
At Altura, security is a top priority. Users trust us with their sensitive data, and we continuously evolve our security measures to meet the highest standards of the global financial industry.
Safe and secure transactions
Compliance is deeply ingrained in our corporate culture and operational practices. Our compliance framework is built on four key pillars.
PCI DSS
Altura complies with PCI DSS v4.0, one of the most stringent security standards in the payment industry, ensuring secure payment card processing.
ISO 27701
We are aligned with the protection and privacy of processed data based on the principles established in GDPR (General Data Protection Regulation) for the protection of personal data by being ISO 27701 compliance.
ISO 27001
Altura is also ISO 27001 certified which demonstrates our commitment to operating a mature security program.
SOC2
Altura is SOC 2 Type 2 compliant, guaranteeing strict controls over security and privacy.
Secure & resilient infrastructure
Altura's infrastructure is built on the AWS Well-Architected Framework, ensuring top-tier security, reliability, and encryption. With industry-leading protections for data in transit and at rest, we safeguard every transaction with the highest security standards.
Infrastructure security
Altura's infrastructure is designed following the AWS Well-Architected Framework, ensuring security, reliability, and operational excellence. By leveraging AWS data centers and their audited security programs, we maintain robust physical, environmental, and infrastructure protections as part of our architecture.
Data in transit
At Altura, all data is transmitted through secure, encrypted channels using TLS 1.3 ensuring the highest level of protection. This approach safeguards both internal and external communications and reinforces the security of our website by mitigating risks associated with weaker protocol versions.
Data at rest
At Altura we use Advanced Encryption Standard (AES) with 256-bit keys when persisting confidential data within the vault. Each confidential record within the vault is previously encrypted under the SHA-512 hashing algorithm where irreversible and unique hashes are generated. It is then encrypted using a separate, randomly generated encryption key.
Robust & proactive product security
Altura ensures data protection through strict access controls, a secure development lifecycle, and continuous security testing. With proactive vulnerability management, penetration testing, and a bug bounty program, we stay ahead of emerging threats to keep our platform secure.
Data access monitoring
Altura policies and procedures ensure access to data is within a particular employee's scope of duty only. All access is based on the principle of least privilege. User-role assignment works to satisfy the least privilege principle and technical controls include enforcement of 2FA and VPN.
Software development lifecycle
Altura uses a continuous, secure, build and release process informed by industry practices including OWASP. New features and enhancements are peer reviewed and analyzed for security issues prior to release. Altura also has a dedicated QA team that analyzes all code for issues prior to deployment into production.
Security testing and vulnerability management
Altura proactively enhances its security by collaborating with industry experts and security researchers. We conduct regular penetration tests through an external firm and participate in HackerOne's bug bounty program to identify and address potential vulnerabilities. Additionally, our patch management process ensures timely updates for both internal and external services, with vulnerabilities triaged and remediated based on their severity.
Altura's commitment to security transparency
Learn about our commitment to security and compliance. Visit our Trust Security Center for policies, certifications, and more.
Talk with one of our
payment experts
Explore how Altura's innovative payment orchestration solutions can help you increase approval rates, reduce costs, seamlessly integrate over 1,000 global and local payment methods, and simplify payment management.