Security practices
Tipalti's security practices are divided into two parts:
- Protecting information
- Limiting access to resources
This section describes these practices, and the practices established to ensure the continuity of service, access to it, and the payer's ability to interact with it.
Protecting information
The Tipalti Solution has the following main system components in addition to Tipalti's back-office system.
The iFrame is served from web servers hosted with AWS (Amazon Web Services) and supported by a database cluster, also hosted with AWS. The databases are backed up automatically on a live basis; in other words, the databases are constantly replicated from Tipalti to an off-site location. The entire system image is backed up every day and once a week. The main servers are hosted by AWS.
Access to the iFrame and APIs is secured by:
- TLS (Transport Layer Security) - Ensures that information is protected in transit
- Payer web request authentication
- All calls to the iFrame and APIs are authenticated with a cryptographic hash (SHA256 function) using a unique payer secret key.
- The authenticating cryptographic hash contains a randomizing component so that repeat calls have different keys in effect.
- Support for key rotation
- The authenticating cryptographic hash has a limited lifetime and expires if unused in the allotted time.
- Safelisting
- All API calls (including calls to get a short-term key) can be safelisted.
- Safelisting is optional and can be switched off, if desired by the payer.
The default implementation for safelisting is "ON".
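As an added illustration of the request-authentication controls listed above (not Tipalti's implementation or API): a Python verifier that assumes HMAC-SHA256 over hypothetical fields `payer`, `ts`, `nonce` and `body`, a 300-second lifetime, and a CIDR safelist. It shows how the randomizing component, expiry, key rotation and safelisting combine on the receiving side; all names, keys and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import time

MAX_AGE = 300  # seconds; assumed lifetime, the page does not give the real value

def sign(secret, payer, ts, nonce, body):
    """HMAC-SHA256 over the request fields; the nonce makes each hash unique."""
    msg = "\n".join([payer, str(ts), nonce, body]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class Verifier:
    def __init__(self, keys, safelist=(), safelisting=True):
        self.keys = list(keys)  # current key first, then the key being rotated out
        self.safelist = [ipaddress.ip_network(n) for n in safelist]
        self.safelisting = safelisting  # ON by default, as the page states
        self.seen = {}  # (payer, nonce) -> time after which it can be forgotten

    def check(self, src_ip, payer, ts, nonce, body, mac, now=None):
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(src_ip)
        if self.safelisting and not any(addr in n for n in self.safelist):
            return "ip-not-safelisted"
        if abs(now - ts) > MAX_AGE:
            return "expired"
        # Try each active key (rotation support); compare_digest is constant-time.
        if not any(hmac.compare_digest(sign(k, payer, ts, nonce, body), mac)
                   for k in self.keys):
            return "bad-signature"
        self.seen = {k: e for k, e in self.seen.items() if e > now}  # drop stale nonces
        if (payer, nonce) in self.seen:  # repeat inside the validity window
            return "replayed"
        self.seen[(payer, nonce)] = ts + MAX_AGE
        return "ok"

def demo():
    """Constructed sample requests; keys, payer name and IPs are made up."""
    old, new, t0 = b"old-secret", b"new-secret", 1_700_000_000
    v = Verifier([new, old], safelist=["203.0.113.0/24"])
    def call(ip, nonce, key, age):
        mac = sign(key, "AcmePayer", t0, nonce, "payee=42")
        return v.check(ip, "AcmePayer", t0, nonce, "payee=42", mac, now=t0 + age)
    return [call("203.0.113.7", "n1", new, 10),    # fresh request
            call("203.0.113.7", "n1", new, 20),    # same nonce again
            call("203.0.113.7", "n2", old, 30),    # signed with rotated-out key
            call("203.0.113.7", "n3", b"x", 30),   # wrong key
            call("203.0.113.7", "n4", new, 301),   # past lifetime
            call("198.51.100.9", "n5", new, 10)]   # outside safelist
```

Removing the old key from `keys` completes a rotation; until then both keys verify, so callers can switch without an outage.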
Action validation
Payee account activity (e.g., change in payment details, change in personal details, etc.) is logged automatically by Tipalti. The payer may choose to enable any of these actions:
- Changes are saved to the system only after the payee enters a validation code sent via email.
- Changes made by the payee are communicated automatically to the payer via:
All communication is protected via TLS secure transmit protocol.
- Access to the Tipalti Hub is secured via 2FA, username and passwords. Passwords are required to be of a certain complexity and expire every 90 days.
- Activity in the Tipalti Hub is restricted by user roles and only users with the Approve Payment role can authorize payments.
Data
Sensitive data collected and stored (including account numbers, Social Security Numbers and other personally identifiable information) are encrypted with AES (Advanced Encryption Standard). Tipalti uses the same level of encryption used by industry leaders, such as Amazon, eBay, PayPal, etc.
Access
- Access to databases is restricted via Security Groups, production-domain role-based access controls, and network segmentation. Access to databases is given on a need-to basis and is strictly monitored for production databases and privileges.
- The databases are constantly replicated from Tipalti to an off-site location. The entire system image is backed up every day and once a week.
Developers do not have access to production databases.
Limiting access to resources
To safeguard Tipalti's information, strict segregation exists between the "production" environment and all other systems.
- Access to the production information systems is permitted only on a need-to basis to select staff, per case.
- Access is restricted by:
- Limiting the networks for which access is granted
- Employing a separate domain for production systems
- Any database or code upgrade to the production system is approved by the CEO, CTO (Chief Technology Officer) or VP of Engineering.
- The production servers and AWS account are monitored for errors, alerts and intrusion (intrusion detection system), in addition to other baseline security controls (Anti-Virus, Firewall, etc.).
Payment system interfaces are not hosted. The CEO and CTO maintain the systems and code for executing payments. In addition, the CEO, CTO and VP of Engineering have control of payment passwords and keys, which are not shared.
Blocked IPs
In addition to the security practices described above, Tipalti has blocked all IPs from the following locations:
- Congo
- Congo, Democratic Republic
- Crimea
- Cuba
- Iran
- North Korea
- Sudan
- South Sudan
- Syria
- Additional IP (Internet Protocol) addresses are updated periodically in NCCT (Non-Cooperative Countries or Territories) by regulators and authorities.
Payees and payer users in these locations see the following message when trying to access the iFrame and Tipalti Hub: "Tipalti service is not supported in the country from which you are attempting to access its service."