CURRENTLY WERE EXPERIENCING A TEMPORARY OUTAGE, SEE CYBEROCTO.ORG FOR DETAILS

Seamlessly Convert Payments to Website Credit—Empower Your Business with Instant Digital Currency Solutions! Seamlessly Convert Payments to Website Credit—Empower Your Business with Instant Digital Currency Solutions! Seamlessly Convert Payments to Website Credit—Empower Your Business with Instant Digital Currency Solutions! Seamlessly Convert Payments to Website Credit—Empower Your Business with Instant Digital Currency Solutions! Seamlessly Convert Payments to Website Credit—Empower Your Business with Instant Digital Currency Solutions! Seamlessly Convert Payments to Website Credit—Empower Your Business with Instant Digital Currency Solutions! Seamlessly Convert Payments to Website Credit—Empower Your Business with Instant Digital Currency Solutions! Seamlessly Convert Payments to Website Credit—Empower Your Business with Instant Digital Currency Solutions!

Security & Compliance

CyberOcto Pay Security & Compliance

At CyberOcto Pay, security and compliance are foundational to everything we do. We implement industry-leading controls to protect merchant data, transaction integrity, and operational security.

Authentication & Access Security

Secure Tokens and Certificates

CyberOcto Pay implements secure authentication mechanisms across our payment processing platform and merchant integrations.

API Key and Secret Pairs

  • Merchants are issued unique API key and secret combinations for API access
  • Both key and secret must be provided together to verify merchant identity
  • Credentials are transmitted securely over encrypted channels only
  • Stored securely and never logged in plain text
  • Merchants are required to rotate keys periodically
  • Compromised credentials can be revoked immediately

User Sessions and Bot Detection Tokens

  • User sessions are established and maintained securely for authenticated access
  • Session tokens verify legitimate user activity and prevent bot access
  • Sessions are encrypted and validated on each request
  • Session tokens expire after defined periods of inactivity
  • Suspicious activity triggers additional verification

SSL/TLS Certificates

  • All communications between CyberOcto Pay and merchants/partners are encrypted using SSL/TLS (HTTPS)
  • Certificates issued by trusted certificate authorities
  • Regularly renewed and kept current
  • All data in transit is encrypted and protected from interception

Zero Trust Access Architecture

CyberOcto Pay has implemented a zero trust access architecture across our network and systems. This architecture requires authentication and authorization verification for every access request, with no implicit trust granted based on network location or prior access.

Authentication on Every Access Request

  • Every access request to systems, applications, and resources requires explicit authentication
  • No implicit trust granted based on network location or connection source
  • Authentication required regardless of whether access originates from internal or external networks
  • Multi-factor authentication and secure credentials used to verify user and system identity

Authorization and Access Control

  • Every authenticated request evaluated against authorization policies
  • Access granted only to users and systems with explicit permission for the requested resource
  • Authorization decisions based on user/system identity, role, resource sensitivity, and business context
  • Permissions granted with principle of least privilege (minimum required access)

Network Segmentation and Isolation

  • Network access segmented to prevent lateral movement and unauthorized access
  • Systems and resources isolated based on function, sensitivity, and trust level
  • Access between network segments requires explicit authentication and authorization
  • Internal network connectivity does not grant implicit access to other systems

Continuous Verification and Monitoring

  • Access requests continuously verified and validated
  • All access attempts logged and monitored for anomalies
  • User and system behavior monitored to detect unauthorized or suspicious activity
  • Access controls enforced consistently across all systems and resources

Policy Enforcement

  • Zero trust access policies defined, documented, and enforced
  • Policies reviewed and updated regularly to address emerging threats
  • Exceptions documented and approved by management
  • Policy violations trigger alerts and investigation

Role-Based Access Control (RBAC)

CyberOcto Pay has implemented role-based access control to restrict access based on job function and operational need.

  • Access permissions are assigned by role
  • Users and administrators receive only the access required to perform their responsibilities
  • Privileged access is limited and controlled
  • Access rights are reviewed and adjusted as needed

Multi-Factor Authentication on Consumer-Facing Application

CyberOcto Pay has implemented multi-factor authentication (MFA) on the consumer-facing application where Plaid Link is deployed.

  • MFA is required for applicable merchant-facing access points
  • Additional verification is used to reduce unauthorized account access
  • Authentication controls are designed to strengthen account security for users accessing the application

Data Protection

Data Encryption at Rest

CyberOcto Pay has implemented data encryption at-rest controls to protect sensitive business, merchant, customer, and operational data stored within our systems.

Stored Data Protection

  • Sensitive data stored in databases, file systems, and application storage is protected using encryption at rest
  • Encryption controls applied to production systems storing merchant, transaction, and operational data
  • Stored data protected against unauthorized access in event of system compromise or physical media exposure

Infrastructure and Storage Security

  • Encryption at-rest protections applied at the server, storage, or platform level
  • Access to stored encrypted data restricted to authorized personnel and systems only
  • Administrative access limited and controlled according to operational need

Key and Access Management

  • Access to encrypted data controlled through secure authentication and authorization
  • Encryption-related access restricted and managed according to internal security procedures
  • Sensitive credentials and access pathways limited to authorized users only

Data in Transit Security

CyberOcto Pay secures data in-transit communications.

  • Data transmitted between systems, users, merchants, and partners is encrypted using SSL/TLS
  • HTTPS is enforced for relevant application and website traffic
  • In-transit protections are maintained to reduce the risk of interception, tampering, or unauthorized disclosure

Vulnerability & Software Lifecycle Management

Vulnerability Patching and SLA Compliance

CyberOcto Pay maintains a structured vulnerability management program that includes identification, assessment, and patching of identified vulnerabilities within defined Service Level Agreements.

Vulnerability Identification

  • Identified through regular security assessments and reviews
  • Monitoring of systems and applications
  • Third-party vulnerability disclosures and advisories
  • Internal and external security testing
  • Incident response and threat monitoring

Assessment and Prioritization

  • Vulnerabilities assessed for severity and business impact
  • Prioritized based on severity level, exposure, exploitability, and operational impact

Patching SLA

Severity LevelTarget Remediation TimeDescription
Critical24–48 hoursVulnerabilities with immediate risk to operations, data security, or customer impact
High7 daysVulnerabilities with significant risk requiring urgent attention
Medium30 daysVulnerabilities with moderate risk requiring timely remediation
Low90 daysVulnerabilities with minimal risk addressed in regular maintenance cycles

Patch Management Process

  • Patches and updates tested before deployment to production systems
  • Patching coordinated to minimize operational disruption
  • Patch deployment documented and tracked
  • Systems monitored post-patch to ensure stability and effectiveness
  • Emergency patching procedures in place for critical vulnerabilities

Compliance and Monitoring

  • Vulnerability management activities monitored and reviewed regularly
  • Patching compliance tracked against defined SLAs
  • Exceptions and delays documented with business justification
  • Remediation efforts reported and tracked for accountability

End-of-Life Software Management

CyberOcto Pay monitors end-of-life (EOL) software in use and updates policies to include EOL management practices.

  • Software and system components are reviewed for lifecycle status
  • End-of-life software is identified and evaluated for replacement, upgrade, or mitigation
  • Internal update and maintenance practices include EOL awareness and management considerations
  • Unsupported software is addressed to reduce operational and security risk

Compliance Standards

CyberOcto Pay maintains these security and compliance controls in adherence to:

  • Payment Card Industry Data Security Standard (PCI DSS) — industry standard for payment card data protection
  • Industry Best Practices — secure API design, network security, access control, and vulnerability management
  • Data Protection and Privacy Regulations — compliance with applicable data protection laws
  • Internal Security Policies — comprehensive internal security standards and procedures

Questions?

For questions about CyberOcto Pay’s security practices, compliance controls, or this attestation, contact us at  support@cyberoctopay.com .

Effective Date: March 31, 2026 Authorized by: CyberOcto Pay Management

Scroll to Top