
Fraternitas about security

Fraternitas, LLC (“Fraternitas”) is highly aware of and focused on the safety and security of Elektra Go and its customers. We look forward to regularly updating Central Payments and relevant partners on cybersecurity developments on our side. Our systems, processes, and practices ensure the security of our customers’ personal information and data through the following industry best practices and standards:

 

  • Data

    • In transit: We implemented the AES256 ciphering algorithm for all the information transmitted in the infrastructure of Elektra Go, we strictly comply with Hypertext Transfer Protocol Secure (HTTPS) guidelines/standards, and we restrict connections using a VPC environment for controlled communications.

    • At rest: We implemented encryption using the MongoDB and AWS KVM tools for the client’s stored information and follow strict controls regarding data access.

  • Industry standards Elektra Go is in compliance with:

    • SOC 1: The System and Organization Control Level 1 reports are provided by AWS Artifact; you can find them at the following link.

    • PCI: As an MSA Open CP platform partner of Central Payments, we access data for one-time use from the CP platform.

      • At this time we do not handle any PCI card information. Going forward we will comply with the best industry standards, which include the implementation of PCI and, depending on the volume of operations, pursuing subsequent levels up to level 1.

      • In the future we will pursue the implementation of PCI Level 4 compliance, and our first step towards that will be the completion of the PCI DSS Self-Assessment Questionnaire (SAQ A).

    • ISO 27001: Fraternitas is not planning to pursue an ISO certification at this moment, but we will assess future needs as a part of a continuous improvement process.

Malicious Threat and Application Security

As a part of our organization's cyber-security framework, we are implementing market-leading malicious threat prevention tools to protect the application: preventing reverse-engineering of web and mobile apps, preventing app tampering, obfuscating code, and inserting security mechanisms into apps.

  • Digital.ai: We want strict alignment with the best industry practices, and we have implemented the solution from Digital.ai, relying on this third-party software to provide the app with more security, for example encrypted binary code (ipa, apks), debugger detection, jailbreak detection and monitoring that the device has not been compromised.

  • Riskified: We’re implementing Riskified as an automatic fraud detection analysis solution. Each order will be monitored through this service and approved or rejected using machine learning.

  • JWE token encryption for all the services between APIs and mobile apps.

  • App Transport Security implementation in the iOS app.

  • Obfuscated code in the Android app.

  • Ekata, which is part of the Mastercard services: we plan to implement it in 2Q 2024 to add an extra layer of security for KYC.

  • Brighterion, also part of the MC services, planned for 2Q 2024.

 

 

Vision for the future

We continuously perform security audit testing. This results in regular updates to our security in accordance with a variety of legal and regulatory compliance requirements from entities such as the FDIC and other USA financial regulators.

Our aims as an organization:

  • Enhance customer and partner trust to ensure enduring relationships and engagement.

  • Pursue enhanced information security on all levels.

  • Continue to improve our readiness towards risk management.

  • Continuously improve our incident response.

 

Creation Date: 19/01/2023
