Skip to main content

Data Security

Security at Monek

Monek is committed to safeguarding the sensitive data of our users and their customers. As a payments infrastructure company, we continually enhance our security measures to meet the stringent requirements of the global financial sector.

Standards and Regulations Compliance

Monek employs industry-leading security practices to ensure a high level of protection.

PCI Certification

Monek has been evaluated and certified as a PCI Service Provider Level 1 by a PCI-certified auditor, the highest level of certification in the payments industry. This certification covers all services offered by Monek.

NIST Cybersecurity Framework

Monek's information security policies align with the National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS), meeting the standards required by enterprise customers who offer secure products like on-demand cloud computing and storage platforms.

Privacy and Data Protection

We continuously update our privacy and data protection procedures to comply with applicable regimes. For more details, refer to our Privacy Policy

Monek Product Security

Security is a core principle in Monek’s product design and infrastructure. We provide various features to help users secure their Monek data.

Sensitive Action Authentication

The Monek Dashboard supports multiple forms of multi-factor authentication (MFA), including SMS, and universal 2nd factor (U2F), enabling customers to enforce sign-in requirements and manage access control.

HTTPS and HSTS for Secure Connections

All services, including our public website and Dashboard, mandate HTTPS using TLS (SSL). We use HSTS to ensure browsers interact with Monek only over HTTPS. Our server-to-server communication is encrypted using mutual TLS (mTLS), and we use dedicated PGP keys for secure communications.

Dedicated Card Technology

Monek encrypts sensitive data in transit and at rest, storing primary account numbers (PANs) in a separate, secure environment. Card numbers are encrypted with AES-256, and decryption keys are stored separately. Sensitive data, including bank account information, is tokenized and isolated.

Proactive Internet Monitoring

We scan the internet for compromised API keys and work proactively to take down external phishing pages. We use the GitHub Token Scanner to alert us to leaked API keys on GitHub.

Infrastructure Safeguards

Our security team regularly tests our infrastructure through vulnerability scans, penetration tests, and red team exercises. We work with leading security firms for third-party scans and address findings promptly. Servers are automatically replaced to maintain health and security.

Corporate Technology

Monek adopts a zero-trust approach to employee access management, requiring SSO, 2FA with hardware tokens, and mTLS for internal systems. We monitor audit logs for abnormalities and review code changes in a tamper-evident log.

Security Posture Maintenance

Our developers collaborate with security experts from the outset of projects, using threat models and trust boundaries to guide secure implementation.

Employee Security Training

All Monek employees undergo annual security training, and engineers receive secure software development education. We conduct internal phishing campaigns to enhance phishing awareness.

Access Control Management

We follow a formal process for granting and reviewing system access, enforcing the principle of least privilege. Sensitive actions require human review, and data retention policies minimize data exposure.