Keeping your business and customers safe and secure with Vend

Everything you need to know about how Vend protects your business’ and customers’ data.

Your data security is our top priority.

Data security is paramount in any retail business. Keeping your business’ and customers’ information secure enables you to build and maintain trust with shoppers and helps keep your business running smoothly. That’s why Vend makes it a top priority to protect your and your customers’ data. This page will offer an overview of the various steps we take to keep your business safe from threats.

Compliance

Vend complies with all the necessary security standards and regulations.

In addition to complying with the Payment Card Industry Data Security Standard (PCI DSS), Vend implements strict controls across our platform to abide by the EU's General Data Protection Regulation (GDPR) regarding the processing of personal data of individuals residing in the European Union (EU).

Vend also engages in various forms of penetration testing. Aside from conducting annual internal and external penetration tests of Vend's office networks, we engage with independent parties to conduct application-level and infrastructure-level penetration tests at least once a year. The results of these tests are documented in our Vulnerability Management Policy and Procedures.

Vend is hosted by Amazon Web Services (AWS). You can access all AWS compliance and audit reports through the AWS Artifact portal.

Infrastructure and endpoint security

We keep our network safe and secure against unauthorized access.

We’re constantly enforcing measures to keep Vend's network safe and secure. Such measures include system monitoring, logging, and alerting, as well as Distributed Denial-of-Service (DDoS) protection through AWS Shield Advanced.

To protect Vend from unauthorized access via remote devices, all company-issued employee devices are configured, updated, and tracked by Vend's endpoint management solutions. By default, Vend workstations are equipped with data encryption, firewalls, and strong passwords.

We also centrally manage access to Vend's network and applications, and we continuously audit access and privileges so they're in line with Vend's Access Control Policy.

Organizational security

We're continually educating Vend employees on all things security.

We want to make sure that everyone who works at Vend understands how to protect themselves — and Vend retailers — from threats.

To that end, we conduct employee background checks to verify each candidate's education and employment. Once hired, all Vend employees are expected to adhere to Vend's security policies, and the Security team closely monitors compliance.

Vend also conducts security awareness training for all Vend employees once a year. The program covers everything from data classification and handling to password hygiene, physical security, and more.

Application security

We ensure that the Vend app is secure and data is well-protected.

How do we ensure a safe and secure experience when using the Vend app? For starters, all data transmitted through Vend are encrypted using the latest recommended secure cipher suites. We protect login confidentiality by hashing passwords using the bcrypt algorithm.

We protect the Vend app from brute force attacks by implementing rate limiting and a check to see if you’re human. Plus, all secret keys used in Vend's product and app infrastructure are encrypted in AWS. Any changes made to production apps and infrastructure are strictly controlled, and we closely review any changes before implementing them.

We're always monitoring and testing for dependencies and vulnerabilities. We invite security researchers to put Vend’s security to the test through Vend’s private bug bounty program hosted on HackerOne, so we’re always aware of any weaknesses that need to be corrected.

Physical security

We protect Vend hardware, software, networks, and personnel from physical actions that can compromise security.

A huge component of data security lies in protecting Vend from physical threats. This is why all Vend offices are controlled by badge access, alarm systems, and cameras. Every office also has shredders and secure bins for handling sensitive paper materials.

Vend's production infrastructure is located in AWS data centers, where physical access is strictly controlled by security staff, video surveillance, intrusion detection systems and more.

Operational security

We run a tight ship with our vendors and procedures.

When a security incident occurs at Vend, we immediately initiate our incident response (IR) procedures to identify, contain, and resolve the issue ASAP.

Regarding vendor management, Vend has an established and documented process for engaging a new vendor or supplier which involves an inventory of the asset, security risk assessment, and a legal review.

More information

If you want to be proactive about data security in your retail business, here is a practical guide on POS security that discusses how you can do your part to protect your business.