Security
When dealing with monetary transactions, the highest level of security must be obtained and maintained at all architectural levels. This applies both to the client using the service and the provider of the service.
The password for the user account must be chosen with care: it should be unique and not similar to any other password used within the organization. Also make sure passwords are never visible in log files.
Please inform Trustly of the IP addresses or IP range from which you will be accessing the service.
All communication between services, both internally between servers, and externally with Internet servers, is encrypted using SSL to prevent eavesdropping.
TLS version
Please note that TLS 1.2 must be used for all requests that are sent to Trustly's API. TLS 1.0 and TLS 1.1 are no longer supported.
The entire system is fully redundant, both at the software component level and the physical level.
Certificates
Trustly's server certificates are rotated on a yearly basis (sometimes more frequently) without prior notice. It's important that your client trusts the certificate hierarchy when communicating with Trustly's API, so that a rotated certificate is still accepted. Certificate "pinning" should not be used.
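One way to meet the TLS version and certificate requirements above in a Python client, as an added example that is not Trustly's own code: the context enforces a TLS 1.2 floor and validates against the system trust store without pinning, and an audit function flags contexts that do not. The function names and the url parameter are assumptions; the page does not give an endpoint.

```python
import ssl
import urllib.request

TLS_FLOOR = ssl.TLSVersion.TLSv1_2


def build_api_context() -> ssl.SSLContext:
    """Client context: system trust store, hostname checks, TLS 1.2 floor."""
    # create_default_context() loads the platform CA bundle and turns on
    # CERT_REQUIRED and check_hostname, so a rotated server certificate is
    # accepted as long as it chains to a trusted root. Nothing is pinned.
    ctx = ssl.create_default_context()
    ctx.minimum_version = TLS_FLOOR  # refuse TLS 1.0 / 1.1 handshakes
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the ways ctx departs from the requirements above."""
    problems = []
    if ctx.minimum_version < TLS_FLOOR:
        problems.append("minimum TLS version is below 1.2")
    capped = ctx.maximum_version != ssl.TLSVersion.MAXIMUM_SUPPORTED
    if capped and ctx.maximum_version < TLS_FLOOR:
        problems.append("maximum TLS version is below 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not checked")
    return problems


def post_json(url: str, body: bytes, timeout: float = 10.0) -> bytes:
    """POST body to url (a caller-supplied placeholder) over an audited context."""
    ctx = build_api_context()
    if audit_context(ctx):
        raise ssl.SSLError("TLS context does not meet the requirements")
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return resp.read()


def constructed_weak_context() -> ssl.SSLContext:
    """Constructed counter-example: no version floor, no verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx
```

Running audit_context() over every TLS context an integration creates, for example in a unit test, catches a disabled verification flag or a lowered version floor before deployment.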
Updated 10 months ago