SECURITY NEWSLETTER
 

Hi there,  

 

At DailyPay, security is at the heart of everything we do. Just last month we hosted our first-ever Security Webinar, and now, as part of our continuing effort to keep our partners informed about important security work and upgrades, we’re excited to kick off the first in a series of Security Newsletters. Each quarter you can expect to hear from us about any updates and improvements we’ve made to our security system during the previous quarter, as well as any enhancements you can look forward to in the coming months.

 

- The DailyPay Security Team

 

YTD Security Updates

 

PCI DSS Level 1

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes/companies. DailyPay has achieved Level 1 PCI compliance and is now a validated PCI Service Provider. This validation provides further clarity and assurance for partners evaluating the breadth and strength of our security practices.

 

 

Multi-Factor Authentication

DailyPay has introduced multi-factor authentication (MFA), which provides an extra layer of protection for partners and employees. Please reach out to your Enterprise Partnership Manager for more details.

 

 

Sunsetting TLS v1.0 and v1.1

As of March 31, 2020, Transport Layer Security (TLS) 1.0 and 1.1 will no longer be supported by or available from DailyPay. All endpoints will be required to support TLS 1.2 after this date in order to function properly.

 

Q3 Security Roadmap

 

ISO 27001 Certification

By obtaining certification to ISO 27001, DailyPay will join the ranks of the few companies that step up and insist on independent and impartial assessments as a means of proving their credentials. DailyPay's information security management program will be tested and proven to be at the highest international standards, bringing peace of mind to our partners.

 

Achieving ISO/IEC 27001 certification involves a three-stage security audit:

  • An initial review of the company’s ISMS
  • An in-depth, formal compliance audit to test the company’s ISMS against the standard’s requirements
  • Regular follow-up audits to confirm that DailyPay remains in compliance with the standard

 

ISO/IEC 27001 defines a set of best practice information security controls around which businesses can develop an Information Security Management System (ISMS). Established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission, ISO 27001:2013 is designed to ensure that businesses are implementing security in a consistent, coherent and cost-effective manner.

 

 

SOC 2 Type 2 Recertification

DailyPay has been SOC 2 Type 2 certified since June 1, 2018.

 

The Service Organization Control (SOC) 2 Type II examination certifies that an independent accounting and auditing firm has reviewed and examined an organization’s control objectives and activities, and has tested those controls to ensure that they are operating effectively. SOC 2 is based on Policies, Communications, Procedures and Monitoring. 


The review period is typically six months to one year. This independent review ensures that the organization meets the stringent requirements set forth by the AICPA and CICA. When trusting an application with highly sensitive and confidential information, such as passwords, documents and secure images, obtaining high-level certification is imperative.

 

Have any questions about other security initiatives at DailyPay? Feel free to respond directly to this email or send a note to security@dailypay.com. 

DailyPay, Inc., 55 Broad St., 29th Floor, New York, NY