Last updated 1 March 2025
Security
How RealPay safeguards your data and payment transactions.
Last updated 1 March 2025
RealPay is committed to protecting the confidentiality, integrity, and availability of the data and payment transactions processed through our platform.
We implement robust security controls aligned with industry’s best practices, global payment security frameworks, and applicable regulatory requirements. Our security approach supports the safe and reliable delivery of payment services across the African markets in which we operate.
1. Data Protection
RealPay applies strong data protection practices designed to safeguard sensitive information throughout its lifecycle.
Encryption
Sensitive data is protected using industry-standard encryption technologies. This includes secure encryption of data transmitted between systems as well as appropriate protection for data stored within our infrastructure.
Access Controls
Access to systems and sensitive information is restricted using strict identity and access management controls. These include role-based permissions, multi-factor authentication for privileged users, and comprehensive monitoring of system access.
1. Payment Security
RealPay’s payment infrastructure is designed to meet the security expectations of modern digital payments and financial services platforms.
PCI DSS
RealPay's card payment infrastructure is designed to support PCI DSS compliance. We work with PCI-compliant partners and ensure cardholder data is handled securely throughout the payment flow.
Tokenization
Card details are replaced with tokens where possible, reducing the scope of sensitive data in your systems and ours.
Fraud Prevention
We use real-time monitoring, velocity checks, and risk scoring to detect and prevent fraudulent transactions.
1. Infrastructure Security
Our technology environment is designed with security as a core principle.
Key measures include:
- Secure hosting environments and accredited infrastructure providers.
- Network security controls, including segmentation and firewall protection.
- Regular vulnerability scanning and penetration testing.
- Incident response and business continuity plans
These measures help ensure the resilience and reliability of our payment systems.
1. Data Security
We implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, loss, misuse, or unlawful processing.
1. Your Responsibilities
Security is a shared responsibility. Merchants and partners using RealPay services should ensure appropriate safeguards within their own systems, including:
- Protecting your API keys and credentials
- Securing your integration and customer-facing systems
- Comply with PCI DSS if you handle card data directly.
- Notifying us promptly of any suspected breach or compromise
1. Incident Response
RealPay maintains internal procedures to detect, investigate, and respond to security incidents. Where required by law, affected parties and relevant authorities will be notified in accordance with applicable regulatory requirements.
1. Reporting Security Issues
If you discover a security vulnerability, please report it responsibly to [info@realpay.co.za]. We appreciate responsible disclosure and will respond promptly.
1. Updates
We continuously review and update our security practices. This document may be updated to reflect changes in our controls or applicable standards.