Security

Security at Payments Central

We build payment infrastructure — security is not an afterthought, it is the foundation everything is built on.

Encryption in transit and at rest

All data in transit is encrypted with TLS 1.2+. Sensitive data at rest is encrypted using AES-256.

PCI-DSS principles

Card data is never stored on our own servers. Raw PANs are handled exclusively by PCI-DSS-certified payment partners or tokenised via PCPS before any storage.

Fraud detection

Transaction-level fraud signals are evaluated on every charge. High-risk patterns are flagged and escalated before funds move.

Infrastructure isolation

Production environments are network-isolated. Access is restricted to named personnel through MFA-enforced SSH with no persistent credentials.

Audit logging

Every API call, configuration change, and authentication event is logged with timestamp, actor, and outcome. Logs are immutable and retained for a minimum of 12 months.

Rate limiting and DDoS protection

All public endpoints are rate-limited. Infrastructure is protected by upstream DDoS mitigation to preserve availability during attacks.

Responsible disclosure

Found a security vulnerability? Please report it to security@redmutex.com. We ask that you give us a reasonable time to investigate and remediate before public disclosure. We take all reports seriously and will acknowledge receipt within 2 business days.

What we ask you not to do

  • Access data that belongs to other users or merchants.
  • Run automated scans against our infrastructure without prior written permission.
  • Perform denial-of-service testing.
  • Disclose vulnerabilities publicly before we have had a reasonable opportunity to respond.

Security contact

For all security-related enquiries: security@redmutex.com

For general support: support@redmutex.com