Community Blog

Concerned About Security and Privacy in Payments? Here’s What You Need To Know

21 June 2021
by Ganesh Srinivasan, VP Compliance & Information Security

COVID-19 has taught the financial services industry the painful lesson that it can’t always anticipate what the future holds. Business continuity and security need to be emphasized more than ever before, which involves arming ourselves with the most advanced technology available to foster resiliency, security and adaptability, no matter the circumstance.

At Volante, we believe that the answer to all of this uncertainty lies in the cloud and payments-as-a-service. In particular, payments services providers need to give confidence to their customers that their cloud-based solutions can continue to operate with outstanding resiliency.

ISO 27001 and SOC1/SOC2

There are important accreditations particularly for cloud-based payments services and solutions, such as ISO 27001 (ISO/IEC 27001:2013), System and Organization Controls Reporting (SOC 1 and SOC 2), and the Payment Card Industry Data Security Standard (PCI DSS).

ISO 27001 is an independently-audited, international best-practice standard for Information Security Management Controls. In specific relation to cloud-based services, certification can be achieved in up to fourteen information security domains, evidencing an organization’s commitment to compliance and security, and ensuring that any data from banks and financial institutions is safeguarded by the service provider.

Every aspect of information security is covered, from product development to support services. There are multiple controls within the audit for each activity, each of which is assessed by the external auditor. Customers can then be assured that the provider has the adequate and appropriate levels of information security in place.

The System and Organization Controls Report 1 (SOC 1) focuses on internal controls in the service organization that will impact the financial reporting of the user organizations. Primarily considered an obligation for service providers in the U.S., it is now becoming more relevant on a global basis, particularly in Latin America.

Whilst technology service providers are not normally required to comply with this attestation (as they do not directly handle the financial information of their customers), Volante was keen to obtain this accreditation in order to reassure its clients that the integrity of the data processed by Volante will remain intact - a ‘gold standard’ if you will.

The System and Organization Controls Report 2 (SOC 2), on the other hand, is required by all service providers. Taking the form of an attestation report performed under the Association of International Certified Professional Accountants (AICPA) attestation standards, a SOC 2 report provides an opinion by an independent auditor that internal controls are in place relating to security, availability, processing integrity, confidentiality and privacy trust services principles. In addition, being in compliance with the SOC 2 privacy criteria may serve in helping clients be compliant with GDPR data privacy rules.

During the COVID-19 pandemic there has been an increase in the number of ransomware attacks. Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) adds an additional focus on data security to help mitigate data loss. A PCI DSS attestation of compliance conducted by a Qualified Security Assessor (QSA) assures customers that best practices are followed accordingly for detecting, preventing and remediating data breaches.

Providing surety

These types of industry-respected accreditations ensure the integrity of data being processed in a cloud-based platform, and provide surety that all data is being securely processed within an information security boundary.

In these times, peace of mind is paramount. And we believe that properly accredited cloud-based systems are the best way to deliver that to our customers. 

Ganesh Srinivasan
VP Compliance & Information Security

Ganesh Srinivasan

Ganesh is the Vice President, Compliance & Information Security at ‎Volante Technologies.

Ganesh Srinivasan
Recent blog posts
Reimagining Legacy Core Banking Technology

09 November 2021

Reimagining Legacy Core Banking Technology

Reimagining banking technology starts at the core. As the number of real time payments is poised to triple this year, the demand for easily upgradeable, rock-solid systems without interruptions is growing.

by Kelly Hund, Inside Sales, North America

Blurring The Faster And Real-Time Payments Divide

27 October 2021

Blurring The Faster And Real-Time Payments Divide

Faster and near-real-time payments are rapidly becoming the worldwide norm. While payments are gaining in speed and reliability, there remains an important distinction between “faster” and “real-time” payments. Yet, both stand out in having unique use cases.

by Abhishek Tiwari, Sr. Business Analyst, Volante Technologies