At Lean Payments, we take security seriously. To safeguard your information, we ensure a high degree of integrity within our compliance processes, fraud management, systems, and operations. Don’t just take our word for it: below we’ve laid out our security features for your evaluation.
To prevent illegal activity within our network, we ensure strict compliance with Canadian (FINTRAC) and international regulations.
In accordance with regulation, we administer KYC (Know Your Customer) checks for AML (Anti-Money Laundering) and CTF (Counter-Terrorism Financing) purposes. All users are screened against the necessary global watchlists to protect your business from bad actors and to ensure that every payment is legitimate and legal.
Lean Payments implements a cyber kill chain model to protect the platform from unverified user access early on in the registration process.
The logic of this model is simple: the earlier in the kill chain a bad actor is stopped, the less opportunity they have to breach the platform. We’ve automated this process with the help of Flinks, which lets users complete a digital KYC in minutes by connecting to their bank. Your bank validates that the information we use is legitimate and verifies that the user's identity is really yours. Only legitimate users can continue creating their profiles. Flinks strengthens the KYC process and prevents fraud on behalf of users and financial institutions.
Hosting is covered below; first, here’s how we keep your data safe while in use.
Multi-Factor Authentication (MFA): we use MFA by tokenizing your login rather than asking for a password. Essentially, we send a key to your email, and if you then perform a high-risk activity such as changing your bank account or address, we require a second factor, such as another code sent to your cell phone.
Segregation of Duties (SoD): we implement SoD to limit the damage that could be done if one account is compromised. Certain actions require that a minimum of two individuals holding two separate roles approve them (e.g. when making a payment, the editor selects an amount and the approver allows it to be sent).
Role-Based Access Control (RBAC): access to the platform is determined by an individual's role, and the platform experience differs slightly between roles. Furthermore, when a new member is added to the platform, their default role is the most limited one (the Least Privilege Principle); an admin must change it before they gain more access.
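The three controls above (default least privilege, RBAC, and a two-person SoD payment flow) can be expressed as one small policy model. The following is an added illustration, not Lean Payments' own code; the role names, action names and permission matrix are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum

class Role(Enum):
    VIEWER = "viewer"      # default for new members: the most limited role
    EDITOR = "editor"      # may draft a payment and select its amount
    APPROVER = "approver"  # may release a payment drafted by someone else
    ADMIN = "admin"        # may change roles, but cannot draft or approve

# Hypothetical role-to-action matrix (assumption); no role both drafts and approves.
PERMISSIONS = {
    Role.VIEWER: {"view"},
    Role.EDITOR: {"view", "draft_payment"},
    Role.APPROVER: {"view", "approve_payment"},
    Role.ADMIN: {"view", "change_role"},
}

@dataclass
class Member:
    name: str
    role: Role = Role.VIEWER  # least privilege by default; an admin must raise it

@dataclass
class Payment:
    amount: float
    drafted_by: str
    approved_by: str = ""  # set only by a second, different person

def allowed(member: Member, action: str) -> bool:
    return action in PERMISSIONS[member.role]  # RBAC: action granted to the role?

def change_role(admin: Member, member: Member, new_role: Role) -> None:
    if not allowed(admin, "change_role"):
        raise PermissionError(f"{admin.name} cannot change roles")
    member.role = new_role

def draft_payment(editor: Member, amount: float) -> Payment:
    # Step 1 of the two-person flow: the editor selects the amount.
    if not allowed(editor, "draft_payment"):
        raise PermissionError(f"{editor.name} cannot draft payments")
    return Payment(amount=amount, drafted_by=editor.name)

def approve_payment(approver: Member, payment: Payment) -> Payment:
    # Step 2: a different individual holding the approver role releases it.
    if not allowed(approver, "approve_payment"):
        raise PermissionError(f"{approver.name} cannot approve payments")
    if approver.name == payment.drafted_by:  # SoD: never self-approve
        raise PermissionError("drafter and approver must be different people")
    payment.approved_by = approver.name
    return payment
```

The same-person check in `approve_payment` is defence in depth: even if a member's role is changed between drafting and approval, one individual still cannot complete both halves of the flow.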
We pride ourselves on offering bank-level security to clients so they can be assured their information is being kept safe.
Our platform is hosted on AWS, one of the most secure cloud computing platforms. In adherence to financial regulations, your information is hosted within Canada. Your data is encrypted, including all API calls and data both at rest and in transit. Data in transit is secured by TLS, exactly the same way it is secured at your bank. Not only is your data encrypted, it is also dispersed across multiple systems to prevent attackers from obtaining usable data.
For more details about our security processes, feel free to contact us.