We’re committed to security and keeping data 100% protected.
We have received a SOC 2 Type II report demonstrating that we have the appropriate controls in place to mitigate the risks related to security, availability, and confidentiality.
Mesh Payments is committed to carrying out an annual SOC 2 audit.
Our products comply with global data protection and privacy laws that apply to both us and our customers, such as the GDPR. Although we are not required to follow the CCPA requirements, we protect personal information on behalf of our customers as it relates to CCPA.
All of our services run in the cloud. We don’t host or run our own network devices, application load balancers, or physical servers.
Our service is built on Amazon Web Services (AWS). They provide strong security measures to protect our infrastructure and are compliant with most certifications.
We use an industry-leading cloud-native monitoring solution to get visibility into our application security, identify attacks and respond quickly to a data breach.
We use technologies to monitor exceptions, logs and detect anomalies in our applications.
We collect and store logs to provide an audit trail of our applications activity.
As standard best practice, we adhere to the notion of least privileges, whereby only a small subset of personnel have the means to view your data, and only when needed to support you. Our authorized personnel sign a Non-Disclosure and Confidentiality Agreement to protect our customers sensitive information.
Naturally, all data access is logged and monitored for audit purposes too.
On an annual basis, Mesh is audited by a large external firm (KPMG) to ensure we continue to meet and exceed the requirements of SOC 2, a compliance standard. We ensure that all of our partners have current SOC 2 reports too.
Mesh Payments uses an industry leading firewall provider to protect against distributed denial- of-service (DDoS) attacks and attempted intrusions into our systems.
Mesh Payments is PCI compliant. We recognize the need for the highest security available to protect our merchants and their customers.
In compliance with PCI Data Security Standards, we have met and surpassed all requirements set forth as a Level 1 Service Provider.
Mesh Payments leverages automated systems to proactively prevent account takeover attempts and other malicious requests. We require all accounts to opt into multi factor authentication and immediately verify suspicious activity with the business owner.
We require multi-factor authentication (MFA) for all company administrators with access to sensitive company information and controls.
Access to our platform is only allowed through a Single Sign-On provider such as Okta, or Auth0.
We also support SSO through your identity provider (i.e. Okta idp) leveraging SAML technology.
All communication between a user’s device happens through industry-standard encrypted HTTPS connections.
All data is transmitted with encryption-in-transit using Transport Layer Security (TLS). Furthermore, all data stored by mesh payments is encrypted at rest with AES-256, block-level storage encryption.
Where possible within databases, we also leverage in-field encryption to protect particularly sensitive data.
Mesh uses tokenization to protect your card and CVV numbers.
We encourage everyone that practices responsible disclosure and comply with our policies and terms of service to report us any vulnerabilities they might discover.
You can report vulnerabilities by contacting firstname.lastname@example.org.
You can read our Vulnerability Disclosure Policy here.
Mesh by Role
The Mesh Prepiad Visa Card is issued by Metropolitan Commercial Bank (Member FDIC) pursuant to a license from
Visa U.S.A. Inc. “Metropolitan Commercial Bank” and “Metropolitan” are registered trademarks of Metropolitan Commercial Bank ©2014.
225w 35th St. New York, NY, 10001 USA | All rights reserved