Security

SUPPORT

Call us at 866-277-4828 for assistance

Apriva uses strong controls to protect sensitive information that is exchanged with our site. Apriva information systems are operated by Apriva in a highly secure environment that maintains strict controls to prevent unauthorized access to the information and information services we provide. These controls include restricted physical access to all Apriva facilities, network firewalls, and logical access controls to prevent unauthorized access to Apriva-provided information and services.

Username and Password

Apriva assigns and uses usernames and passwords as a key control in assuring that each customer’s information is available only to the respective, authorized customer. Apriva provides its customer with a unique username and password that must be entered each time the user logs on to the Apriva system. It is important that the password be regarded as a secret and that it is protected from disclosure or compromise.

  • Do not share your Apriva username and password with others.
  • Do not allow others to observe your entry of your username and password when you log on to Apriva products or services.
  • Immediately notify your merchant services provider, or contact Apriva directly, in the event you suspect that your username and password have been compromised.

Cookies

Apriva issues "cookies" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user. Apriva does not use "cookies" to store other confidential user and session information.

To report a Security Issue

For information on how to report security issues related to Apriva products and services, please review the Apriva Security Reporting Policy.

 

Apriva Security Reporting Policy

The security of our customers' data is our highest priority. Apriva subscribes to a policy of responsible reporting of security-related concerns and suspected vulnerabilities. We appreciate and encourage the responsible reporting of any concerns and suspected vulnerabilities identified in any Apriva product or service.

For all reported conditions that are of a security-related nature, including suspected vulnerabilities in any Apriva product or service:

  • Apriva acknowledges the report and will respond in a timely manner.
  • Apriva provides an estimated time for resolving the vulnerability.
  • Apriva notifies the reporting party when the respective corrective fix is released, or the vulnerability has otherwise been addressed.

Apriva is committed to working with the security community to respond to reported vulnerabilities, and it is Apriva's policy not to initiate legal action against any vulnerability reporting person or entity provided that:

  • No attempt is made to perform any identification, verification or exploitation of a vulnerability that addresses or contacts Apriva's networks or online services.
  • Full details of the suspected vulnerability are privately shared with Apriva by contacting the Apriva Product Security Office at the number below.

Apriva does not permit any persons or entities to engage in any activities which:

  • Cause, or are designed to cause, the failure, interruption, or degraded performance of any Apriva information services;
  • Attempts to gain unauthorized access to information contained within any Apriva product, service, or information system; and/or
  • Attempts to perform unauthorized changes to, or the destruction of, any information contained within any Apriva product, service, or information system.

No compensation:

Apriva does not provide financial compensation for reporting suspected vulnerabilities. Apriva will reject any request for compensation related to the reporting of vulnerabilities.

Reporting of security-related concerns or suspected vulnerabilities

To report a security-related concern or a suspected vulnerability in any Apriva product or service:

  • Call the Apriva Support Desk at 1-866-277-4828 and ask to be connected to the Apriva Security Team

 

Suggested Security Practices

Apriva uses strong security controls to protect sensitive information that is exchanged with our gateway. The Apriva Security Team suggests the following good security practices for the safety and protection of your business, smartphone and merchant account:

  1. Please be sure to keep your smartphone in your possession at all times.
  2. 2. Read and follow your manufacturer’s user guide instructions for the secure use of the device:
    1. Use the device security features to require the entry of a unique PIN/password to “unlock” the device.
    2. Do not modify the software of your smartphone via “Jailbreak” or similar applications for use with non-traditional wireless networks or unassigned application
      1. Do not attempt or allow modifications to the device or its software that is intended to, or known to, override the manufacturer-supported features and operational capabilities of your smartphone.
      2. Do not use a device that has been modified to override the manufacturer-supported features and operational capabilities of the smartphone.
    3. Specify a strong PIN to access AprivaPay – a minimum of four digits is required, but a longer PIN is more secure. Avoid repeating or predictable sequences (‘1111’, ‘1234’).
    4. Proceed with caution with any message containing links to Web sites.
      1. Phishing attacks – these are often e-mail or text messages seeking sensitive information like usernames, passwords, credit card numbers or other sensitive information.
      2. Fraudulent provisioning messages – You may receive an email from Apriva to obtain your initial “download” of the AprivaPay application. However, you should be suspicious of any subsequent message (SMS or email) that encourages you to follow a link for any software updates for your AprivaPay application.
      3. Malware – emails or SMS messages containing links to Web sites may introduce viruses or other malicious programs that can attack your smartphone.
    5. Be alert for updates to your Apriva application and be sure to upgrade in a timely manner. If there is a newer version of AprivaPay available for your phone, you will receive an error/information message when you launch AprivaPay letting you know. You can download and install the update at your convenience. Note: You will never receive an e-mail or text message with a link to follow to download a new version of AprivaPay.
    6. Apriva recommends that you always exit the AprivaPay application when you are finished using it. The application will time out in 10 or 15 minutes, but you can help ensure secure operation by exiting AprivaPay when you are done with it.

    3. Call us at 866-277-4828 for assistance