Mesh Payments is a SOC 1 Type I and SOC 2 Type II compliant company and is deeply committed to building and implementing the controls that will help strengthen the security, privacy, and transparency of financial reporting for all of its customers and their vendors.
Mesh Payments undergoes independent SOC 1 Type I and SOC 2 Type II audits on an annual basis by a licensed CPA .
Our products comply with global data protection and privacy laws that apply to both us and our customers, such as the GDPR. Although we are not required to follow the CCPA requirements, we protect personal information on behalf of our customers as it relates to CCPA.
All of our services run in the cloud. We don’t host or run our own network devices, application load balancers, or physical servers.
Our service is built on Amazon Web Services (AWS). They provide strong security measures to protect our infrastructure and are compliant with most certifications.
We use an industry-leading cloud-native monitoring solution to get visibility into our application security, identify attacks and respond quickly to a data breach.
We use technologies to monitor exceptions, logs and detect anomalies in our applications.
We collect and store logs to provide an audit trail of our applications activity.
As standard best practice, we adhere to the notion of least privileges, whereby only a small subset of personnel have the means to view your data, and only when needed to support you. Our authorized personnel sign a Non-Disclosure and Confidentiality Agreement to protect our customers sensitive information.
Naturally, all data access is logged and monitored for audit purposes too.
On an annual basis, Mesh is audited by a large external firm (KPMG) to ensure we continue to meet and exceed the requirements of SOC 2, a compliance standard. We ensure that all of our partners have current SOC 2 reports too.
Mesh Payments uses an industry leading firewall provider to protect against distributed denial- of-service (DDoS) attacks and attempted intrusions into our systems.
Mesh Payments is PCI compliant. We recognize the need for the highest security available to protect our merchants and their customers.
In compliance with PCI Data Security Standards, we have met and surpassed all requirements set forth as a Level 1 Service Provider.
Mesh Payments leverages automated systems to proactively prevent account takeover attempts and other malicious requests. We require all accounts to opt into multi factor authentication and immediately verify suspicious activity with the business owner.
We require multi-factor authentication (MFA) for all company administrators with access to sensitive company information and controls.
Access to our platform is only allowed through a Single Sign-On provider such as Okta.
We also support SSO through your identity provider (i.e. Microsoft Azure AD, Google Workspace) leveraging SAML technology.
All communication between a user’s device happens through industry-standard encrypted HTTPS connections.
All data is transmitted with encryption-in-transit using Transport Layer Security (TLS). Furthermore, all data stored by mesh payments is encrypted at rest with AES-256, block-level storage encryption.
Where possible within databases, we also leverage in-field encryption to protect particularly sensitive data.
Mesh uses tokenization to protect your card and CVV numbers.
We encourage everyone that practices responsible disclosure and comply with our policies and terms of service to report us any vulnerabilities they might discover.
You can report vulnerabilities by contacting security@meshpayments.com.
You can read our Vulnerability Disclosure Policy here.
By using this website you agree to our cookie policy.
