Product security

Last updated: May 24, 2018.

Mobi2Go is committed to the security of your application’s instrumentation and performance data. As part of this commitment, we use a variety of security technologies and procedures to help protect your information from unauthorised access, use or disclosure.

User management

We provide standard access to Mobi2Go’s software through a login and password.

Mobi2Go allows an unlimited number of authorised users to be associated with an individual account. Customers are responsible for managing their own accounts, including provisioning and deprovisioning their own users.

You control access

As a Mobi2Go customer, you have the flexibility to invite unlimited admin users into your account to collaborate on your data. Admin users can have access at a store or head office level, and can control everything within the store(s) and head office(s) where they have access.

Service security

Mobi2Go’s approach to protecting our systems and your data is to have multiple layers of security controls to protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. Mobi2Go’s security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.

Data tenancy

Mobi2Go is a cloud-based service, and as such we operate a tenancy-based model across our data stores. Access to data is authorised by confirming that the user has access to the associated tenancy and by ensuring all queries are pre-filtered by the tenancy key.

Secure data centres

Mobi2Go is hosted within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits. Mobi2Go maintains multiple geographically separated data replicas and hosting environments to minimise the risk of data loss or outages.

Disaster recovery

With respect to business continuity, Mobi2Go operates from several Amazon Web Services data centres in Sydney. To maintain continuity of service, Mobi2Go securely stores all raw inbound data that is currently active and within application retention periods in a secondary location, which allows us to restore data following a catastrophic outage in our primary hosting location. Backups of our data stores are also stored in different physical sites and with different services to allow for fast recovery in the event of an individual data store failure.

PCI DSS compliance

PCI DSS stands for Payment Card Industry Data Security Standard. Essentially, it’s a set of rules put in place to ensure that all companies that process online and mobile payments, or transmit or store credit card data, do so in a secure environment.

Mobi2Go works exclusively with third-party, PCI-compliant payment gateways that follow security best practices as outlined by the PCI compliance standards.

The payment gateways supported by Mobi2Go securely store all cardholder data, and no credit card numbers or CSV data pass through or are stored on Mobi2Go servers or mobile applications.

Auditing

Mobi2Go keeps a log of user actions within the system so that changes that modify the configuration of your Mobi2Go applications or any destructive operations (e.g. deleting data) are clearly tracked and can be reviewed at any time.

Privacy

Mobi2Go is committed to protecting the privacy of our customers. See our full privacy policy here.