Your security comes first at Cushy Pay. To ensure maximum safety, we have made a simple list of security to-dos you can follow:
• Never divulge your bank particulars, such as credit/debit card number, PIN, OTP, and CVV, through any channel, including texts, emails, or calls.
• Cushy Pay will never ask you for any of the confidential details stated above.
• Cushy Pay will never call you for any transaction through the app or ask you to install any remote-access software such as AnyDesk, TeamViewer, etc.
• Do not respond to such texts, emails, or calls.
• You can reach our customer support only through the app. Never call or converse with anyone at a phone number that claims to be our support executive.
Cushy Pay does not sell your personal information to, or share it with, unaffiliated third parties for their marketing or advertising without your unequivocal agreement.
Please check our privacy policy for more details.
Cushy Pay is hosted on a virtual private cloud on Amazon Web Services, providing a protected and scalable platform to ensure we can offer you services securely and reliably.
We have deployed a defence-in-depth architecture using a network firewall, DDoS protection layer, web application firewall, and a content delivery network.
Cushy Pay's infrastructure is launched in compliance with the AWS Well-Architected Framework and also incorporates practices from the AWS Cloud Adoption Framework.
We have a 3-tier architecture that integrates Grade A practices from different certifications and standards.
We ensure strict network segmentation and isolation of environments and services.
We use industry-leading solutions for anti-malware, anti-virus, intrusion detection systems, intrusion prevention systems, application control, file integrity monitoring, automated patching, and application and audit log aggregation.
All of our servers use Amazon Linux configured to the Center for Internet Security (CIS) standards.
Cushy Pay ensures separation of environments and segregation of duties and has strict role-based access control on a documented, authorized, need-to-use basis.
We use essential management services to limit access to data to the data team only.
Any stored data is protected by encryption at rest, and sensitive data by application-level encryption.
Cushy Pay uses backup/restore testing for data reliability, snapshotting for data durability, and data replication for data resiliency.
Cushy Pay has deployed mature processes around change management, which enable us to release thoroughly tested features for you both reliably and securely, allowing you to enjoy the Cushy Pay experience.
Cushy Pay takes a very aggressive stance on incident management for both system downtime and security. We have a network operations centre and an information security management system in place that quickly respond to, remediate, or escalate any incidents arising out of planned or unplanned changes.
We have an in-house network security team that uses industry-leading products to conduct manual and/or automated activities for VA/PT.
We employ both static and dynamic application security testing, integrated with our continuous integration/continuous deployment pipeline.
Cushy Pay also engages CERT-In certified auditors to do periodic external security testing and audits.
We are a PCI DSS v3.2.1 certified company. We have implemented appropriate industry-standard security controls governed by the PCI council that help us protect all our customers' card data in a highly secure manner.
We have successfully completed UPI compliance per circulars 15b & 32 by the NPCI.
Cushy Pay is an ISO 27001:2013 certified company and has implemented the required information security management system policies and procedures to maintain industry-standard best practices and appropriate controls.
We have completed "data localization" requirements as per Reserve Bank of India (RBI) guidelines. This means all our customer data securely resides on cloud-based servers located in India (AWS Mumbai region).
Henceforth, all compliance/audit statuses will be updated in this section of this policy.
We at Cushy Pay are committed to our customers' data and privacy.
Cushy Pay blends security at multiple levels within our products along with first-rate technology to ensure our systems maintain strong security.
The complete data and privacy security design allows us to defend our systems against everything from low-level hang issues to sophisticated attacks.
As a security enthusiast or researcher, if you have found a possible security vulnerability in Cushy Pay products, we request you to report the issue responsibly to us.
Please send a bug report to us at support@cushypay.in with comprehensive steps to reproduce the vulnerability.
We will put our best efforts into investigating and fixing legitimate issues in a reasonable time frame, and request that you not disclose them publicly in the meantime.