In our previous article, we discussed the risks associated with storing crypto in a custodial wallet. In this article, we aim to outline how we mitigate those risks.
The Paybis wallet is built on infrastructure provided by one of the industry leaders, Fireblocks, a digital-asset custody platform known for its strong focus on security.
Among the various security features that Fireblocks provides, the following are particularly noteworthy:
- SOC 2 Type II certification
- ISO 27001, ISO 27017, and ISO 27018 certifications
- MPC (Multi-Party Computation) technology
- Secure enclaves (hardware-isolated handling of key shares)
- Policy Engine
We will delve into each of these features in more detail below.
1. SOC 2 Type II - SOC 2 is an attestation framework defined by the AICPA: an independent auditor evaluates a service organization's controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality and privacy). A Type I report covers the design of those controls at a single point in time; a Type II report additionally tests that they operated effectively over a review period, typically six to twelve months. Strictly speaking it is an audit report rather than a certificate, but it is the marker customers most often ask for when judging whether a cloud service provider manages data securely and reliably.
2. ISO 27001 is the international standard for an information security management system (ISMS) and is the standard an organization is actually certified against. ISO 27017 adds cloud-specific security controls and ISO 27018 adds a code of practice for protecting personal data (PII) in public clouds; both extend the ISO 27001 control set rather than standing alone. Together they show that an organization runs a documented, independently audited and continuously improving ISMS covering the confidentiality, integrity and availability of data in its cloud services.
3. MPC (Multi-Party Computation) is a family of cryptographic protocols that let several parties jointly compute a function over their private inputs without any party revealing its input to the others. In a wallet, the function is signature generation: the private key is created as several shares held by different parties or devices, and a transaction is signed by the shareholders running the protocol together. The result is an ordinary on-chain signature, yet the complete private key never exists in any one place, not at key generation, not during signing and not in backups. An attacker therefore has to compromise a threshold of shares at the same time rather than a single server, which removes the single point of failure of a conventional hot wallet.
4. Secure enclaves add a second layer on top of MPC: the key shares are handled inside a protected region of the processor that the host operating system, the hypervisor and any malware running on the server cannot read, and enclave memory is encrypted by the CPU, so the shares stay confidential even if the server itself is compromised. Enclaves are not a silver bullet (side-channel attacks against enclave technology have been demonstrated in research), which is why they are combined with MPC rather than relied on alone. Fireblocks employs several hardware-isolation technologies, including Intel SGX enclaves, AWS Nitro Enclaves and Hardware Security Modules (HSMs), to protect private key management.
5. The Policy Engine lets an organization define its own approval policy for every transaction. Rules are expressed over transaction attributes (typically the source and destination wallets, the asset, the amount and the user who initiated the transaction) and decide whether a matching transaction is allowed, blocked or must collect a defined number of approvals before it is signed. This gives fine-grained control over transaction flows and enforces the organization's security and risk-management procedures in the signing path itself, rather than relying on operators to follow them.
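To make item 3 concrete, here is an added illustration (not Fireblocks' or Paybis' code) of n-of-n Schnorr signing over additive key shares. The group is a toy Schnorr group over a 64-bit safe prime generated at import time, which is far too small for real use; production MPC wallets use secp256k1 or Ed25519 and protocols such as MuSig2, FROST or Fireblocks' MPC-CMP, which add commitment rounds and key-aggregation coefficients this sketch omits. The signing logic itself is the real thing: each `Party` keeps its share `x_i`, the sum of the shares is never assembled anywhere, and the verifier sees a plain single-key signature. The sample message is constructed.

```python
"""n-of-n Schnorr signing over additive key shares (added illustration).

Not Fireblocks' or Paybis' code. Toy 64-bit safe-prime group, generated
below; real wallets use secp256k1/Ed25519 and a full MPC protocol.
"""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with a small trial-division prefilter."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits: int = 64):
    """Return (p, q) with p = 2q + 1 both prime."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = safe_prime()
G = 4  # a quadratic residue != 1 mod p, so its order is exactly q


def challenge(R: int, pub: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || X || m) reduced into Z_q."""
    h = hashlib.sha256(f"{R}|{pub}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


class Party:
    """One signer. Its key share x never leaves the object."""

    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1   # private key share (kept)
        self.X = pow(G, self.x, P)              # public key share (published)
        self._k = None                          # one-time nonce share

    def nonce_commit(self) -> int:
        """Round 1: fresh nonce share k_i, publish R_i = g^k_i."""
        self._k = secrets.randbelow(Q - 1) + 1
        return pow(G, self._k, P)

    def partial_sign(self, e: int) -> int:
        """Round 2: s_i = k_i + e*x_i mod q. k_i is uniform and used once,
        so s_i on its own reveals nothing about x_i."""
        s = (self._k + e * self.x) % Q
        self._k = None  # nonce reuse would expose x_i
        return s


def group_public_key(parties) -> int:
    """X = prod X_i = g^(sum x_i); nobody ever learns sum x_i."""
    X = 1
    for party in parties:
        X = X * party.X % P
    return X


def mpc_sign(parties, msg: bytes):
    """Two rounds, then aggregate: R = prod R_i, s = sum s_i mod q."""
    R = 1
    for party in parties:
        R = R * party.nonce_commit() % P
    e = challenge(R, group_public_key(parties), msg)
    s = sum(party.partial_sign(e) for party in parties) % Q
    return R, s


def verify(pub: int, msg: bytes, sig) -> bool:
    """Plain single-key Schnorr check: g^s == R * X^e (mod p).
    The verifier cannot tell the key was never in one place."""
    R, s = sig
    return pow(G, s, P) == R * pow(pub, challenge(R, pub, msg), P) % P


if __name__ == "__main__":
    signers = [Party() for _ in range(3)]   # three devices or parties
    X = group_public_key(signers)
    msg = b"send 0.5 BTC to address A"      # constructed sample message
    sig = mpc_sign(signers, msg)
    print("valid:", verify(X, msg, sig))
    print("tampered:", verify(X, b"send 5 BTC to address A", sig))
```

Two caveats a practitioner should carry away. First, the naive aggregation `X = prod X_i` is open to a rogue-key attack if a party can choose its share after seeing the others' public shares, which is why real protocols bind the shares with a commit-reveal during key generation or with per-share aggregation coefficients. Second, the nonce shares must be fresh and secret for every signature; reusing `k_i` across two messages lets anyone solve for `x_i` from the two partial signatures.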
The aforementioned security features enable Paybis to ensure that our wallets are secure and adhere to industry standards.
While we cannot reveal extensive details about our internal processes, procedures, and practices, we can offer a concise overview of how we mitigate other risks associated with Paybis wallets:
Counterparty and Liquidity Risk – When customers choose to store assets in a Paybis Wallet, those assets are segregated into dedicated on-chain addresses. Customers can therefore verify their balance on any public block explorer without logging into their Paybis account, independently of what the Paybis interface reports.
Regulatory Risk – Paybis employs a dedicated team of legal and compliance experts to ensure that we remain compliant with the latest regulations.
Privacy Concerns – Paybis holds PCI DSS certification, which requires annual re-assessment and audits. In addition, Paybis commissions external, independent penetration tests to protect our customers' data.
Operational Risk – Utilizing Fireblocks' Policy Engine and our internal tools, we set various rules and access levels to prevent any unauthorized actions.
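The rule-based control described under Operational Risk (and item 5 above) is easy to get subtly wrong, so here is an added illustration, not Fireblocks' Policy Engine and not Paybis' configuration, of a minimal transaction policy evaluator. Its semantics are assumed for the example: rules are checked top to bottom, the first rule whose conditions all match decides, and a transaction that matches no rule is blocked. The addresses, user names and transactions are constructed. The example also shows the classic ordering mistake, a broad convenience rule placed above a narrower approval rule, which silently bypasses the approval quorum.

```python
"""First-match transaction policy evaluator (added illustration, not
Fireblocks' Policy Engine). Semantics are assumed: first match wins,
no match means block."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Tx:
    source: str
    destination: str
    asset: str
    amount: float
    initiator: str


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                   # "allow" | "block" | "approve"
    approvers_required: int = 0                   # used only by "approve"
    max_amount: Optional[float] = None            # None = no ceiling
    destinations: Optional[FrozenSet[str]] = None  # allowlist; None = any
    initiators: Optional[FrozenSet[str]] = None    # None = anyone
    assets: Optional[FrozenSet[str]] = None        # None = any asset

    def is_catch_all(self) -> bool:
        return (self.max_amount is None and self.destinations is None
                and self.initiators is None and self.assets is None)

    def matches(self, tx: Tx) -> bool:
        return ((self.max_amount is None or tx.amount <= self.max_amount)
                and (self.destinations is None or tx.destination in self.destinations)
                and (self.initiators is None or tx.initiator in self.initiators)
                and (self.assets is None or tx.asset in self.assets))


@dataclass(frozen=True)
class Decision:
    action: str
    rule: str
    approvers_required: int = 0


def evaluate(policy: List[Rule], tx: Tx) -> Decision:
    """First matching rule decides; fall through means fail closed."""
    for rule in policy:
        if rule.matches(tx):
            return Decision(rule.action, rule.name, rule.approvers_required)
    return Decision("block", "default-deny")


def unreachable_rules(policy: List[Rule]) -> List[str]:
    """Lint: anything after the first catch-all rule can never match."""
    for i, rule in enumerate(policy):
        if rule.is_catch_all():
            return [r.name for r in policy[i + 1:]]
    return []


# Constructed sample data.
TREASURY = frozenset({"bc1q-treasury"})
OPS = frozenset({"alice", "bob"})

ALLOW_SMALL = Rule("ops-small-to-treasury", "allow", max_amount=1.0,
                   destinations=TREASURY, initiators=OPS)
APPROVE_ANY = Rule("ops-any-to-treasury", "approve", approvers_required=2,
                   destinations=TREASURY, initiators=OPS)
ALLOW_OPS_ANY = Rule("ops-convenience", "allow", initiators=OPS)  # no limits at all
BLOCK_ALL = Rule("default-block", "block")

GOOD_POLICY = [ALLOW_SMALL, APPROVE_ANY, BLOCK_ALL]
# Same rules plus the convenience rule at the top: it shadows the quorum.
MISORDERED_POLICY = [ALLOW_OPS_ANY, ALLOW_SMALL, APPROVE_ANY, BLOCK_ALL]

TX_LARGE = Tx("hot", "bc1q-treasury", "BTC", 25.0, "alice")
TX_EXTERNAL = Tx("hot", "bc1q-unknown", "BTC", 0.01, "alice")
TX_OUTSIDER = Tx("hot", "bc1q-treasury", "BTC", 0.5, "mallory")

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("misordered", MISORDERED_POLICY)):
        for tx in (TX_LARGE, TX_EXTERNAL, TX_OUTSIDER):
            print(name, tx.amount, tx.destination, tx.initiator, "->", evaluate(policy, tx))
    print("dead rules:", unreachable_rules([BLOCK_ALL, ALLOW_SMALL]))
```

The two policies contain the same approval rule, yet only the first one ever enforces it: in the misordered policy the large treasury transfer is allowed outright and the transfer to an unknown address slips past the default block. Reviewing rule order (and running a lint such as `unreachable_rules` for rules that can never fire) belongs in the change process for any policy of this kind.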