Security

Integration

Our widget integration is an iframe based integration loading our secured pages. It manages a hand-shake between the parent & child window preventing alteration of the communication between the two once loaded.

Our JSON APIs comunications are secured over https, and authorized via a secret key that only your back-end should know.

Our Webhook notifications also leverage mechanisms such as content signature verification with a secret key, https, possible basic authentification header, and fixed IP for your firewall whitelist.

PCI Compliance

Payment data treatment is secured and compliant with regards to PCI standards.

We partner with PCI certified payment service providers in order to collect and use payment data:

• we use iframe based front-end integration from our PSP in order to collect the card information
• we do not transit nor store any payment data on our own servers
• we only use tokens

Encryption

All communication are secured over SSL/TLS. Encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

Our european data storages also benefit from enhanced security through data encryption at rest.

Fraud prevention

KYC

In order to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities. ShareGroop can follow the Know Your Customer (KYC) procedures regarding any customer, helping us collecting and monitoring suspicious activites to ensure a better fraud prevention. More information at support@sharegroop.com.

---

Our team is at the ready If you believe you’ve discovered any issue in our security, please contact us at support-it@sharegroop.com. We will investigate and respond as quickly as possible to your report. For the protection of our users, we request that you do not publicly disclose any suspected security issue until we have addressed it.