Call us at 866-277-4828 for assistance
Apriva uses strong controls to protect sensitive information that is exchanged with our site. Apriva information systems are operated by Apriva in a highly secure environment that maintains strict controls to prevent unauthorized access to the information and information services we provide. These controls include restricted physical access to all Apriva facilities, network firewalls, and logical access controls to prevent unauthorized access to Apriva-provided information and services.
Apriva's Payment Gateway Applications and Services
Username and Password
Apriva assigns and uses usernames and passwords as a key control in assuring that each customer’s information is available only to the respective, authorized customer. Apriva provides its customer with a unique username and password that must be entered each time the user logs on to the Apriva system. These passwords must meet minimum requirements for length and complexity, and must be changed at least every ninety (90) days.
It is important that you regard your Apriva password as a secret and that you protect it from disclosure or compromise.
- Do not share your Apriva username and password with others.
- Do not allow others to observe your entry of your username and password when you log on to Apriva products or services.
- Immediately notify your merchant services provider, or contact Apriva directly, in the event you suspect that your username and password have been compromised.
Apriva issues "cookies" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user. Apriva does not use "cookies" to store other confidential user and session information.
Recommended Security Practices for AprivaPay
The Apriva Security Team suggests the following good security practices for the safety and protection of your business, Smartphone and merchant account:
- Please be sure to keep your Smartphone or mobile device in your possession at all times.
- Read and follow your manufacturer’s user guide instructions for the secure use of the device, including:
- Use the device security features to require the entry of a unique PIN/password to “unlock” the device.
- Do not modify the software of your Smartphone or mobile device via “Jailbreak” or similar applications for use with non-traditional wireless networks or unassigned application.
- Do not attempt or allow modifications to the device or its software that is intended or is known to override the manufacturer-supported security features and operational capabilities.
- Do not use a device that has been modified to override the manufacturer-supported features and operational capabilities of the Smartphone.
- Specify a strong PIN to access AprivaPay – a minimum of four digits is required, but a longer PIN is more secure. Avoid repeating or predictable sequences i.e., "1111", "1234").
- Proceed with caution with any message containing links to Web sites.
- Be alert for email-delivered “Phishing Attacks” and fraudulent provisioning messages:
- Phishing attacks are maliciously designed e-mail or text messages that attempt to obtain sensitive information from you directly (i.e., usernames, passwords, credit card numbers) or to compromise the security of your Smartphone or mobile device.
- Fraudulent provisioning messages – You may receive an email from Apriva to obtain your initial “download” of the AprivaPay application. The application download will always be delivered through the Apple App Store or Google Play. However, you should be suspicious of any subsequent message (SMS or email) that encourages you to follow a link for any software updates for your AprivaPay application.
- Note: You will never receive an e-mail or text message with a link to follow to download a new version of AprivaPay.
- Be alert for updates to your Apriva application and be sure to upgrade in a timely manner. If there is a newer version of AprivaPay available for your phone, the Apple App Store or Google Play will notify you of available updates. You can download and install the update at your convenience.
- Exit the AprivaPay application when not being used. Apriva recommends that you always exit the AprivaPay application when you are finished using it. The application will time out in 10 or 15 minutes, but you can help ensure secure operation by exiting AprivaPay when you are done with it.
Apriva Security Reporting Policy
The security of our customers' data is our highest priority. Apriva subscribes to a policy that encourages the responsible reporting of security-related concerns and suspected vulnerabilities. We appreciate and encourage the responsible reporting of any concerns and suspected vulnerabilities identified in any Apriva product or service.
For all reported conditions that are of a security-related nature, including suspected vulnerabilities in any Apriva product or service:
- Apriva acknowledges the report and will respond in a timely manner.
- Apriva provides an estimated time for resolving the vulnerability.
- Apriva notifies the reporting party when the respective corrective fix is released, or the vulnerability has otherwise been addressed.
Apriva is committed to working with the security community to respond to reported vulnerabilities, and it is Apriva's policy not to initiate legal action against any vulnerability reporting person or entity provided that:
- Any person or entity intending to scan, probe, exercise, or access any Apriva system or network component shall request and obtain written permission from Apriva prior to commencing any such activity.
- No attempt shall be made by any person or entity to disclose or compromise any information residing within or transported through Apriva system or network component, or to knowingly attempt to exercise or to exploit a vulnerability condition that may be present within Apriva systems and networks.
- Full details of the suspected vulnerability are privately shared with Apriva by contacting the Apriva Product Security Office at the number below.
Apriva does not permit any persons or entities to engage in any activities which:
- Cause, or are designed to cause, the failure, interruption, or degraded performance of any Apriva information services;
- Attempts to gain unauthorized access to information contained within any Apriva product, service, or information system; and/or
- Attempts to perform unauthorized changes to, or the destruction of, any information contained within any Apriva product, service, or information system.
Apriva does not provide financial compensation for reporting suspected vulnerabilities. Apriva will reject any request for compensation related to the reporting of vulnerabilities.
Reporting of Security-Related Concerns or Suspected Vulnerabilities
To report a security-related concern or a suspected vulnerability in any Apriva product or service:
- Call the Apriva Support Desk at 1-866-277-4828 and ask to be connected to the Apriva Security Team.