Encryption in transit and at rest
All data in transit is encrypted with TLS 1.2+. Sensitive data at rest is encrypted using AES-256.
Security
Security at Payments Central
We build payment infrastructure — security is not an afterthought, it is the foundation everything is built on.
How we protect your data
Security controls applied across the platform.
PCI-DSS principles
Card data is never stored on our own servers. Raw PANs are handled exclusively by PCI-DSS-certified payment partners or tokenised via PCPS before any storage.
Fraud detection
Transaction-level fraud signals are evaluated on every charge. High-risk patterns are flagged and escalated before funds move.
Infrastructure isolation
Production environments are network-isolated. Access is restricted to named personnel through MFA-enforced SSH with no persistent credentials.
Audit logging
Every API call, configuration change, and authentication event is logged with timestamp, actor, and outcome. Logs are immutable and retained for a minimum of 12 months.
Rate limiting and DDoS protection
All public endpoints are rate-limited. Infrastructure is protected by upstream DDoS mitigation to preserve availability during attacks.
Responsible disclosure
Found a security vulnerability? Please report it to security@redmutex.com. We ask that you give us a reasonable time to investigate and remediate before public disclosure. We take all reports seriously and will acknowledge receipt within 2 business days.
What we ask you not to do
- Access data that belongs to other users or merchants.
- Run automated scans against our infrastructure without prior written permission.
- Perform denial-of-service testing.
- Disclose vulnerabilities publicly before we have had a reasonable opportunity to respond.
Security contact
For all security-related enquiries: security@redmutex.com
For general support: support@redmutex.com