Security is at the forefront of everything that Eftsure does.

Cloud Security
Eftsure is hosted onshore within Amazon Web Services (AWS) and only utilises Australian data centres. We also take advantage of AWS's industry-leading and well-recognised security features. We have also undergone a formal AWS Foundational Technical Review (FTR) through the AWS Partner Network, which recognises that the Eftsure solution adheres to AWS Well-Architected best practices. Amazon Web Services continues to have the highest security posture with compliance with international standards. More information is available from their website: https://aws.amazon.com/compliance/data-center
Data Encryption
We protect the confidentiality, integrity, and availability of Eftsure’s data both in transit and at rest using industry-standard encryption protocols, including TLS v1.2, TLS v1.3 (when available) and AES 256-bit encryption, to ensure the standards we use are the most secure and robust that the industry has to offer.
Data Privacy
We comply with privacy policies as per industry standards such as the Australian Privacy Act 1988, including the Australian Privacy Principles (APPs), and all other Australian privacy and data protection laws, mandatory codes, and other mandatory requirements. We have also engaged independent 3rd party experts and advisers to confirm our compliance with the Australian Privacy Act.
Data Privacy and Handling
Eftsure formally maintains and actively enforces a data classification matrix which articulates how data is treated and protected across the organisation. Our data classification matrix has been reviewed by multiple 3rd party security experts, who endorse that our approach to confidentiality, accountability and imposed restrictions is in line with industry standards and security frameworks.
Single Sign-On
Eftsure has implemented Single Sign-On (SSO), a secure authentication process that allows our customers to access our services leveraging their own user logins through Azure Active Directory as well as Okta integration. Our SSO implementation minimises the risk of unauthorized access and enhances the security of our customers' accounts by ensuring our customers have full control of user access management upstream from Eftsure. At Eftsure, we prioritize the protection of our customers' data and information, and SSO is one of the ways we achieve that.
Multi Factor Authentication
Eftsure has implemented Multi Factor Authentication (MFA), an additional layer of security that verifies user identity with two or more factors prior to granting access: for example, something that is known, such as a password, and something that is in your possession, such as a One Time Password (OTP) sent to your nominated mobile phone. With MFA, our customers can rest assured that their accounts are protected against unauthorized access and identity theft. At Eftsure, we are committed to ensuring the highest level of security for our customers, and MFA is one of the ways we achieve that.
In today’s digital world, it is essential every organisation enforces multiple layers of protection to ensure its security, the privacy of its data, and the protection of its customers' data. At Eftsure we strive to lead the way when it comes to security.
Mark Chazan
CEO, Eftsure

Security Framework Standards

ISO 27001 compliant

We have now formally received our ISO 27001 certification, having demonstrated that we comply with all 114 security requirements under the standard – without any exclusions or exceptions.
ISO 27001 certification is available here

ACSC Essential Eight

The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies to help organisations protect themselves against various cyber threats. The most effective of these mitigation strategies are the Essential Eight. The Essential Eight was designed to keep organisations safe, fortify defences amid rising cyber threats and bolster businesses' security throughout Australia. Eftsure adheres to the principles within the Essential Eight framework.

The New Zealand National Cyber Security Centre

The New Zealand National Cyber Security Centre (NCSC) provides a security programme referred to as the Cyber Security Framework, which includes a set of guidelines for organisations to follow to protect their information systems and data from cyber threats. While this framework is currently in beta, Eftsure already adheres to other, more established frameworks, ISO 27001 and the Australian Essential Eight Cyber Security Model, which are already well aligned with the NCSC framework's requirements as they share similar focus areas. By aligning with these frameworks, Eftsure demonstrates a commitment to safeguarding its customers' information and protecting against cyber threats.

Cyber Assurance Risk Rating

Eftsure has also been consistently rated in the top band of the Cyber Assurance Risk Rating (CARR) Report, which is based on an independent certification assessment performed by a specialist cyber security analyst company, “Security in Depth”. The Cyber Assurance Risk Rating (CARR) certification methodology is based on the following internationally recognised security frameworks: ISO 27001, SANS CIS Security Controls, NIST v1.1, COBIT, ISM.
Security in Depth

FAQ

Eftsure has redundancy configured across multiple AWS data centres, which is demonstrated within our Recovery Time Objectives and Recovery Point Objectives as documented and verified through our Business Continuity and Disaster Recovery Plans. Availability also extends beyond infrastructure to our resources, where we have a dedicated Verifications team who are able to operate 24 hours a day, Monday to Friday.

We have processes in place to monitor changes to regulatory policies and ensure the highest level of compliance. We do this through ongoing engagement with 3rd party specialists, whose advice ensures that we align with security industry best practices. This includes a long-term engagement with an independent 3rd party security firm (Security In Depth), whose customers include the Victoria Police and Victoria State Government, as well as the Reserve Bank of Australia. For more information, please refer to their website: https://securityindepth.com.au

Eftsure maintains a detailed Security Incident Response Plan which adheres to the principles within ISO/IEC 27035, involving:

  • Incident Preparation;
  • Incident Identification;
  • Incident Assessment;
  • Incident Response;
  • and Incident Review and Lessons Learned

Our incident response plan has also been reviewed by multiple 3rd party security firms to confirm our commitment to ensuring we are able to handle any unexpected incidents that occur across the organisation.

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your EFT payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.