© 2024 Coda Payments Pte. Ltd
Site Credits
CODA IS SECURE
At Coda, we understand that building security is more than just implementing HTTPS. It also means protecting your site from bad actors looking to exploit fraud opportunities. Even with a secure webstore, bad actors will try to look for vulnerabilities they can exploit to gain access to content fraudulently.
This is why Coda is constantly implementing solutions that provide threat intelligence and fraud detection early on to help us build a more secure application, as well as prevent fraudsters who may attempt to build look-alike sites and lure your customers into making payments to them using familiar channels.
Coda has detailed security standards, guidelines, and advanced SSDLC (Secure Software Development Lifecycle) tooling to detect potential security vulnerabilities early on. Our comprehensive approach includes:
Coda is dedicated
Coda recognizes that security is a collaborative effort, and we welcome reports of any potential vulnerabilities. Your insights are invaluable in helping us enhance our security measures and protect our users. We encourage you to read through Vulnerability Disclosure Policy and share your findings with us through our dedicated reporting channels.
CODA IS COMPLIANT
Privacy compliance is more multi-faceted than ever, in line with the changing tech landscape. To combat the complexity of multi-jurisdictional setting, Coda has implemented a risk-based approach resulting in privacy control. Our Group Privacy Officer and supporting team ensures everyone at Coda strictly adheres to applicable data privacy standards including:
Coda is deeply committed to safeguarding your Personal Data, in order to protect against loss, misuse, modification, unauthorised or accidental access or disclosure, alteration, or destruction. Unfortunately, no data transmission or storage over the Internet can be guaranteed as totally secure. Nonetheless, we have adopted and currently practice robust administrative, organizational, technical, and physical security measures to protect your Personal Data to the best of our reasonable capacity, including but not limited to the following:
How we keep transactions safe
Payment Card Industry Data Security Standard (PCI DSS) Level 1 Certification
The highest and most stringent level of adherence. Maintained and governed by the Payment Card Industry Security Standards Council (PCI SSC), the PCI DSS is periodically updated to address evolving security threats and technologies.
Dedicated fraud/risk team monitoring transactions 24/7.
We use our risk engine to apply intelligent transaction limits to mitigate risk of fraudulent behaviour, while auto fraud detection tools alert us of probable bad actors.
WAF (Web Application Firewall) & Rate Controls (DDOS/DOS)
Key protection mechanisms setup to handle external attacks ranging from web/API attacks to all-out DDOS.
Global 24/7 anti-phishing platforms
To protect our brand and intellectual property by automatically detecting fake sites, domains, and fake social posts. These are then escalated to domain registrars and social platforms to shut down threats.
Limiting Personal Data access to authorized and/or necessary personnel.
Implementing technical solutions to ensure information security.
Continuous monitoring and review of Personal Data protection measures.
Other security measures, as may be required by the laws and regulations applicable in the country where you are located.