Security

MeaWallet products go through an extensive security and functional evaluations every twelve to eighteen months, as well as after every major upgrade of our software. Evaluations are done by accredited third-party security labs.

Backend

• Hosted in PCI-DSS certified environment

• Data encryption

  • All payload is encrypted

• Separated services

  • All services are separated
  • Each service can only decrypt its own messages

• Secure data storage and crypto

  • Hardware Security Module (HSM)[/docs/glossary]
  • Secure location and hosting

Mobile SDK

• Secure data

  • Storage - encrypted data storage for all sensitive data and keys
  • Processing - sensitive data and keys are never processed in plaintext in Java
  • Cryptographic key protection - White-box cryptography (AES)

• Integrity checks

  • SDK - self-test of integrity
  • Device - detections for compromised OS, for example, rooting detection
  • Data - secure binding of the data storage and the SDK instance installation
  • Wipes all sensitive data if data or device has been compromised

• Secure communication

  • Transport layer - mutual TLS authentication
  • Application layer - payload encryption using AES
  • Push messages never contain sensitive data

• Follows the latest specifications

  • Mastercard, Visa, Amex