Your security is our priority
Protecting your data and your customers' data is fundamental to everything we do. Learn about our security practices, certifications, and commitment to keeping your payments safe.
Industry certifications
We maintain the highest standards of security and compliance in the payments industry.
PCI DSS Level 1
The highest level of certification in the payment card industry. We undergo annual audits by qualified security assessors to maintain this certification.
SOC 2 Type II
Independent verification that our systems meet the trust services criteria for security, availability, processing integrity, confidentiality, and privacy.
FCA Authorised
Authorised by the Financial Conduct Authority (FRN: 976592) under the Payment Services Regulations 2017 for the provision of payment services.
Security practices
Multiple layers of protection to keep your data safe.
Encryption everywhere
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Card numbers are tokenized immediately upon receipt.
Network security
Enterprise-grade firewalls, intrusion detection, and DDoS protection. Regular penetration testing by independent firms.
Access controls
Strict role-based access controls. All access is logged and regularly audited. Multi-factor authentication required.
Real-time monitoring
24/7 monitoring of all systems. Automated alerts and incident response procedures. Dedicated security operations team.
Fraud prevention
Machine learning models analyze every transaction in real-time. Customizable rules for additional protection.
Secure development
Security built into our SDLC. Code reviews, automated testing, and vulnerability scanning before deployment.
Built for security from the ground up
Our infrastructure is designed with security as a core principle, not an afterthought. Every component is selected and configured to provide maximum protection.
We partner with industry-leading cloud providers and maintain redundant systems across multiple availability zones to ensure both security and reliability.
Multi-region redundancy
Data replicated across geographically separated data centres
Private network isolation
Payment systems isolated from public internet access
Automated failover
Instant failover to backup systems if issues detected
DDoS Protection
Global edge network filtering
Web Application Firewall
Request inspection & filtering
TLS 1.3 Encryption
End-to-end encrypted connections
Isolated VPC
Private network segmentation
Encrypted Storage
AES-256 at-rest encryption
Responsible disclosure
We appreciate security researchers who help us keep TurraTech secure. If you discover a potential vulnerability, please let us know.
Report a vulnerability
If you believe you've found a security vulnerability in any TurraTech service, we encourage you to report it to us. We will investigate all legitimate reports and do our best to quickly fix the problem.
Please email us at security@turratech.com with details of the vulnerability. Include steps to reproduce the issue if possible.
We ask that you give us reasonable time to respond to your report before making any information public, and that you make a good faith effort to avoid privacy violations, data destruction, and service disruption.