Security and Data Handling

Payment and data security should always be a priority. On this page, you will find detailed information about our security measures and our approach to processing and sharing your data.

We provide an overview of our security features and our commitment to data privacy. Additionally, we offer insights into our licensing and the management of data across different licenses.

Noda uses cloud infrastructure to build our applications and services. Modern cloud service providers are some of the most secure globally, investing millions of dollars to ensure the highest safety standards. Plus, they continuously upgrade and refine their systems to make them even more impenetrable and secure.

Working with well-known global providers of cloud infrastructure security is the key factor for building Noda’s information security programme.

Noda encrypts all sensitive data simultaneously on two layers. We use the Transport Layer Security (TLS) protocol when information is transferred between network servers, and we apply the Advanced Encryption Standard (AES) when the data is stored.

Utilising this two-layered encryption approach enables us to minimise potential safety concerns as sensitive data remains encrypted even on those rare occasions when one of the components is compromised.

Our automated alert systems allow us to respond instantly to the threats occurring at night, on weekends, on public holidays, or during other non-working hours.

Noda's round-the-clock support team swiftly resolves connectivity issues for specific clients and also collects suggestions for improving Noda's systems. We are always here and ready to help.

Noda regularly obtains relevant certifications and maintains up-to-date PCI DSS and PCI SSLC licenses. Payment Card Industry Data Security Standard (PCI DSS) is the industry benchmark aimed at reducing payment fraud by enhancing data protection controls.

Meanwhile, the PCI Secure Software Lifecycle Standard (PCI SLLC) ensures that payment software vendors incorporate security throughout the software development lifecycle, producing applications that are secure by design and robust against attacks. These licenses are administered by the PCI Security Standards Council (PCI SSC).

At Noda, we understand that achieving maximum information security requires focusing on both external and internal environments. That's why we implement Multi-Factor Authentication (MFA) for our employees to access all critical internal platforms.

MFA adds an extra layer of authentication, which helps prevent unauthorised access to data through internal systems.

All components of Noda’s products, including Noda API, are being continuously monitored and inspected by our IT security team.

This team consists of IT experts who regularly attend professional conferences and engage in ongoing education within their field.

Our bug bounty program welcomes any developers who identify as a hackers. If you or your colleagues discover any flaws, shortcomings, or vulnerabilities in our security systems or have suggestions to enhance the functionality of Noda API endpoints, you can participate in our program and receive a reward.

To report an issue or make a suggestion, simply email our security team at security@noda.live. The reward amount varies based on the severity of the shortcoming or vulnerability.

Noda Handles Your Customers’ Data

At Noda, we care about your customers and process their data with the utmost care. Here’s what happens when your customers make a payment or onboard via our services.

Insert IBAN for manual payment

The buyer initiates the payment and completes authentication by their chosen bank.

When the authentication by the bank is finalised, the bank requests transaction confirmation.

After the confirmation, Noda receives the user’s account number as well as the amount and the currency of the payment.

Consequently, this data can be used as input values for Noda’s internal algorithms and it can be shared with merchants to confirm that the payment was successful.

FAQ

Is Noda secure?

Yes, Noda is secure. As previously mentioned, Noda is designed not only to be safe but also to continuously monitor its security levels. We employ a multi-layered approach to significantly reduce the risks of hacking and data breaches. For instance, we utilise leading encryption protocols, top-tier cloud infrastructure providers, multi-factor authentication, and conduct around-the-clock comprehensive monitoring of our services.

Is Noda safe?

Yes, Noda is safe. Thousands of end consumers trust Noda to securely make payments through their preferred banks, where they confidently store their money. Noda never shares consumer data without their explicit consent. Simultaneously, we take every measure to ensure their data is protected at every step.

What data can Noda access and share?

Noda serves both as a Payment Initiation Service Provider (PISP) and Account Information Services Provider (AISP). In the first case, we provide your client with Payment Initiation Services (PIS). What this essentially means is that Noda will facilitate the payment process for your clients by transferring funds directly from their linked payment account(s) to the chosen beneficiary upon their explicit consent. In this case, Noda accesses the following data:

Account number
Full name

Consequently, this data can be used as input values for Noda’s internal algorithms, and it can be shared with merchants to confirm that the payment was successful.

In the second case, the Account Information Service (AIS) enables Noda to access and view information about all online banking accounts in one place and analyses your clients’ financial information upon their consent. In this case, Noda has access to the following data:

Identity information
Account balances
Transaction history for 90 days

Consequently, this data can be used to improve Noda’s internal algorithms. It can also be shared with merchants in an aggregated form – for example, as a scoring value showing which payment category a user is identified with (from 1 to 5).

How do I know open banking is safe?

Open banking is designed with a strong focus on security, ensuring it’s completely safe for your customers. Here are some of its key security features:

Bank-level security: Open banking employs rigorously tested software and security systems. Consumers are never required to share their bank login details or passwords with anyone except their own bank.
Regulation: Only apps and websites regulated by the UK’s Financial Conduct Authority (FCA) or equivalent institutions in Europe are permitted to use open banking.
Control over data: Customers have the power to decide when and for how long they share their data. They can also revoke this access at any time through their banks.

I have an issue with Noda’s services; who can I contact?

Should you experience any difficulties with Noda’s services, we suggest the following channels for support:

Skype/Telegram Group Chat: We established a dedicated group chat to facilitate seamless communication. If you have questions about integration or encounter technical problems, don’t hesitate to send a message to the group and tag us at

tech@noda.live

@noda_tech

Personal Manager: For inquiries not related to technical support, feel free to contact your personal manager directly in the group chat or through a private message.

Email Support: Both merchants and their customers can reach us at

support@noda.live

Remember, we’re always ready to assist you!

Security & Data Handling

Noda Security

Use of Cloud Infrastructure Providers

Data Encryption Approach

Automated Alerts System

24/7 Tech Support Team

Certification

MFA

Information Security Team Monitoring

Bug Bounty Program