Trust & safety
Security
LiasonPay operates as a payment orchestration layer between your systems and regulated payment partners. Security and reliability are core to that role. This page summarizes our practices at a high level. It is not an exhaustive control list and does not replace your own security obligations or contractual commitments.
Security governance
We maintain policies for access control, change management, vendor risk, incident response, and business continuity. Controls are reviewed and updated as the product and threat landscape evolve.
Encryption and transport
Data in transit is protected using modern TLS. Sensitive configuration and credentials are stored using appropriate encryption and secret-management practices within our cloud environments. Cryptographic standards are aligned with industry recommendations and rotated as needed.
Access control
Administrative access to production systems follows least-privilege principles and uses multi-factor authentication where supported, and privileged actions are logged. Customer dashboard access is protected by authentication, session controls, and role-based permissions you configure.
Infrastructure and segmentation
We host on reputable cloud providers with network segmentation designed to separate public-facing components from internal services. Perimeters and filters help reduce exposure to common attacks; defense-in-depth is applied at multiple layers.
Logging and monitoring
We collect operational and security logs to detect anomalies, support investigations, and meet compliance needs. Monitoring and alerting are tuned for availability, error rates, and suspicious activity patterns.
Vulnerability management
We perform regular dependency updates, vulnerability scanning, and patch management. Critical issues are prioritized based on severity and exploitability. Responsible disclosure reports are triaged through our security contact.
Incident response
We maintain an incident response process that includes containment, eradication, recovery, and post-incident review. Where required by law or contract, we will notify affected customers without undue delay, using the information available at the time.
Payment data scope
LiasonPay’s orchestration model is designed to minimize exposure to raw cardholder data. Actual storage and processing of PAN or other regulated payment credentials are primarily handled by licensed PSPs and your integrations. You remain responsible for configuring integrations lawfully and for any PCI DSS scope that applies to your environment.
Your responsibilities
You should enforce strong passwords, rotate API keys, restrict IP allowlists where available, validate webhook signatures, and keep your own systems patched. Report suspected abuse or credential compromise to us immediately.
Report a vulnerability
If you believe you have found a security issue, email [email protected] with a clear description and reproduction steps. Please avoid public disclosure until we have had a reasonable time to respond.
Related policies
See our Privacy Policy for how we handle personal data and our Terms of Service for contractual terms.