At CrossClassify, we prioritize the security of our clients’ data and the integrity of our fraud detection platform. Our security measures are designed to protect against potential threats and ensure the confidentiality, integrity, and availability of the data we process. Below is an overview of our security practices and protocols.

1. 1.

   Data Encryption

   We employ end-to-end encryption (SSL/TLS) to secure all data transmitted between our clients and our platform. This ensures that sensitive information, such as personal identification details and transaction data, is protected from unauthorized access during transmission.

2. 2.

   Access Control

   We enforce role-based access control (RBAC) across all systems to restrict access to authorized personnel only. Access to sensitive data is granted based on the principle of least privilege (PoLP), ensuring that users have access only to the information and systems necessary for their roles.

3. 3.

   Multi-Factor Authentication (MFA)

   To further protect our clients and their data, multi-factor authentication (MFA) is required for all administrative access. This adds an extra layer of security to prevent unauthorized access, even if login credentials are compromised.

4. 4.

   Data Storage and Protection

   All data processed by CrossClassify is stored in secure, ISO 27001-compliant data centers. These facilities use the latest in physical and technical safeguards to prevent unauthorized access, loss, or alteration of data. Regular backups are performed to ensure data integrity and availability, with encrypted storage to protect against breaches.

5. 5.

   Continuous Monitoring and Threat Detection

   We utilize advanced monitoring tools to detect and respond to threats in real time. Our systems are continuously monitored for unusual activity or potential vulnerabilities, enabling us to identify and mitigate threats before they escalate.

6. 6.

   Incident Response

   In the event of a security incident, we have a dedicated incident response team that immediately acts to contain and resolve the issue. We follow industry best practices for incident management and will notify affected parties and regulatory authorities if a breach involving personal data occurs, in compliance with applicable regulations such as GDPR.

7. 7.

   Security Training and Awareness

   We conduct regular security training for all employees, emphasizing the importance of data protection, secure coding practices, and recognizing phishing attempts and other social engineering attacks.

8. 8.

   Third-Party Vendors

   When working with third-party vendors, we ensure that they meet our stringent security standards. All vendors with access to client data are required to adhere to contractual obligations that include implementing appropriate security measures and following relevant data protection laws such as GDPR.