Data Security
Security at Monek
Monek is committed to safeguarding the sensitive data of our users and their customers. As a payments infrastructure company, we continually enhance our security measures to meet the stringent requirements of the global financial sector.
Standards and Regulations Compliance
Monek employs industry-leading security practices to ensure a high level of protection.
PCI Certification
Monek has been evaluated and certified as a PCI Service Provider Level 1 by a PCI-certified auditor, the highest level of certification in the payments industry. This certification covers all services offered by Monek.
NIST Cybersecurity Framework
Monek's information security policies align with the National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS), meeting the standards required by enterprise customers who offer secure products like on-demand cloud computing and storage platforms.
Privacy and Data Protection
We continuously update our privacy and data protection procedures to comply with applicable regimes. For more details, refer to our Privacy Policy.
Monek Product Security
Security is a core principle in Monek’s product design and infrastructure. We provide various features to help users secure their Monek data.
Sensitive Action Authentication
The Monek Dashboard supports multiple forms of multi-factor authentication (MFA), including SMS and Universal 2nd Factor (U2F), enabling customers to enforce sign-in requirements and manage access control.
HTTPS and HSTS for Secure Connections
All services, including our public website and Dashboard, mandate HTTPS using TLS (SSL). We use HSTS to ensure browsers interact with Monek only over HTTPS. Our server-to-server communication is encrypted using mutual TLS (mTLS), and we use dedicated PGP keys for secure communications.
Dedicated Card Technology
Monek encrypts sensitive data in transit and at rest, storing primary account numbers (PANs) in a separate, secure environment. Card numbers are encrypted with AES-256, and decryption keys are stored separately. Sensitive data, including bank account information, is tokenized and isolated.
Proactive Internet Monitoring
We scan the internet for compromised API keys and work proactively to take down external phishing pages. We use the GitHub Token Scanner to alert us to leaked API keys on GitHub.
Infrastructure Safeguards
Our security team regularly tests our infrastructure through vulnerability scans, penetration tests, and red team exercises. We work with leading security firms for third-party scans and address findings promptly. Servers are automatically replaced to maintain health and security.
Corporate Technology
Monek adopts a zero-trust approach to employee access management, requiring SSO, 2FA with hardware tokens, and mTLS for internal systems. We monitor audit logs for abnormalities and review code changes in a tamper-evident log.
Security Posture Maintenance
Our developers collaborate with security experts from the outset of projects, using threat models and trust boundaries to guide secure implementation.
Employee Security Training
All Monek employees undergo annual security training, and engineers receive secure software development education. We conduct internal phishing campaigns to enhance phishing awareness.
Access Control Management
We follow a formal process for granting and reviewing system access, enforcing the principle of least privilege. Sensitive actions require human review, and data retention policies minimize data exposure.