Protecting the confidentiality, integrity and availability of customer data and systems.

With Plastiq’s software security assurances, Plastiq facilitates customers’ security requirements while enabling the best, most cost-effective user experience.

Software Security Assurance

Plastiq relies on software to protect our environments and data in the cloud. The costs associated with incidents, emerging regulations, and keeping operating costs up to date require companies to pay careful attention to how Plastiq approaches software security and to assess the security assurance practices of Plastiq’s supply chain. Software security assurance is Plastiq’s methodology for building security into every phase of the product development lifecycle: design, build, testing, and maintenance.

Plastiq's software security assurance is a set of industry-leading standards, technologies, and practices, aiming at:

Plastiq’s secure coding standards
Mandatory security training for engineering, product management, and infrastructure organizations
Analysis techniques
Minimizing security weaknesses on customers and partners
Vulnerability disclosure and remediation
Private bug bounty program

Information security is a first-class citizen. Plastiq takes safeguarding our customer data seriously.

John Menerick
Information Security Officer
Security & IT Compliance

Our corporate practices

Plastiq protects the confidentiality, integrity, and availability of customer data and systems. With Plastiq’s software security assurances, Plastiq facilitates customers’ security requirements while enabling the best, most cost-effective user experience.

Multi-factor authentication

We recommend that all customers keep multi-factor authentication enabled. This is the most effective and simplest method to enhance the security of your accounts. This magnifies your company’s security and helps keep information private.

Educate employees about phishing

Phishing emails entice someone to open an attachment, visit a fake website, or enter their credentials in an unsecured way.

Please coach employees not to open unexpected attachments, click links in unexpected emails, or open emails from unknown parties. Employees who receive email from unexpected parties should check whether the email makes sense. The address should be verified: any email from Plastiq will contain the plastiq.com website address.

If you or any of your employees are unsure if a Plastiq email is legitimate, please forward the email to Plastiq Security at security@plastiq.com.


Phishing examples

Phishing scams use fake emails to get customers to share confidential information. Emails look as though they come from Plastiq and may contain links to what appears to be Plastiq, but they lead to a fake site designed to steal information. The scams have become more sophisticated, so it can be hard to know if the email is real or fake. The best way to avoid a phishing scam is knowing what to look for. Check out these recent examples.

Contact us

Our goal is to be a valuable collaborator in customer security.

Report a security concern

For security-related inquiries, comments, or concerns, email Plastiq Security at security@plastiq.com.

Report suspicious email or activity

Help us identify and stop scammers, recognize trends in fraudulent activity, and improve the security of your service.

If you receive an email that appears to be from Plastiq, but seems unusual in any way, please forward it to security@plastiq.com.

Report a potential vulnerability

Plastiq Security acknowledges the valuable role that independent security researchers play in internet security. As a result, we encourage responsible reporting of any vulnerabilities that may be found in our site or applications.

Plastiq is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us. Our security.txt is found here.

If you would like to join our private bug bounty program, reach us here.

Advisories

COVID-19: Plastiq has not experienced any significant business impacts.

Compliance

At Plastiq, we take the security of our customers, their payment recipients, and our partners very seriously.

It’s why we’ve introduced rigorous certifications, standards and frameworks that help ensure the safety of all the data and information that we’re entrusted with.

To protect our customers, we’ve implemented a number of IT compliance certifications and attestations.

Certifications, standards and frameworks

PCI DSS Level 1 - Shared Services Provider

NIST Cyber Security Framework

NIST 800-30

NIST 800-115

Third party audits

Building security in maturity model