Security, controls, compliance & resilience
As a world-class payments infrastructure technology provider, 'The Zepto Way' means fortifying our offering on the most solid security foundations possible.
Security compliance overview
They say it takes a village to raise a child. It's no different with security compliance at Zepto. Hundreds of controls are verified by our people, but we partner with top-shelf vendors like AWS, CrowdStrike, GitHub and Wiz to ensure we're at the leading edge of world-class product, security and payment experience delivery. We maintain a high level of awareness over our technical environment, conduct assurance testing, maintain an agile governance model and Australian data sovereignty. And as a directly Connected Institution [CI] on the NPP for PayTo, we work closely with Australian Payments Plus, sharing insights to ensure our payments ecosystem is robust, thriving and secure.
Security as a product feature
Zepto's security foundation supports and protects our payments infrastructure and the funds that flow through it. That foundation is something our customers rightly expect. It's non-negotiable, and it feeds into our view that solid baseline security controls are a product feature. Under the hood, Zepto’s authentication foundation is complex, but our API is designed for easy integration. The combination of safety, speed and convenience enables Zepto's enterprise customers to innovate and safely deliver extraordinary payment experiences.
Australian Cyber Security Centre partnership program
In 2023 Zepto joined the Australian Signals Directorate's (ASD) Australian Cyber Security Centre (ACSC) partnership program. The program offers real-time intelligence from the ASD on threats that might affect Australian businesses. It enables Australian organisations to engage with the ASD's ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy. As a Cyber Security Partner, Zepto enjoys access to threat intelligence, news and advice to enhance situational awareness as well as resilience-building resources.
Incident Response
The choice you made about your provider of payments infrastructure never matters more than when things go wrong. With 24-7 monitoring, engineers on call, and distributed incident managers always available, Zepto's incident management framework, resolution playbooks, speed of response, and transparent post-incident reviews reflect a maturity of approach commensurate with how seriously we take this. When it comes to moving money, your business is our business.
Systems, speed & safety
We believe that a serious approach to system security, controls and governance shouldn't mean 'slow'. Zepto's forward-thinking approach to building things with process automation in mind enables agile decision-making while maintaining the highest levels of governance. We monitor the capacity of our environment in real time, and with embedded security scans and guard rails in place, Zepto can deploy code multiple times a day.
A blended model
Zepto's blended model of cross-skilled people and automation, and the control over processes that model delivers, improves assurance testing, governance and security. Having a cross-skilled team means that Zepto people know their areas of expertise intimately, but also see and understand the bigger picture. Those people are bulwarked by technologies and automation that make them faster and more effective.
Securing code deployments
Zepto was set up to deploy code as often as required throughout the day. But when code is deployed, many things can go wrong. Zepto's automated checks ensure the quality of the code. Branch protection ensures safe sequencing of deployments, while technical controls minimise human error and purposely malicious activity. On top of this, Zepto's continuous integration and continuous deployment (CI/CD) pipeline improves software delivery and identifies critical vulnerabilities throughout the software development life cycle via automation.
SRE: Site Reliability Engineering
Zepto's SRE team plays a vital role in delivering change management and ensuring that new code deployments are seamless and have minimal impact on our systems or those of our customers. The SRE team is responsible for building Zepto's tested and trusted templates with embedded security that developers can self-serve and assemble in agile ways to deliver extraordinary and secure payment solutions.