Security
Supporting our customers in case of data breaches
Considering recent cyber-attacks and data breaches across Australia, our customers’ and partners’ data and security are of utmost importance to us. Here are the ways we protect you:
Data Security
- Data security is a top priority for bzTrack. Our cloud hosting is provided by world-class cloud service provider Amazon Web Services and we have 24-hour surveillance and protection. All data is fully encrypted and always up-to-date.
- Strong encryption protocols to ensure the confidentiality and integrity of data both at rest and in transit
- We are committed to the security of your data and our platform provides multiple layers of protection for the personal and financial information you entrust to bzTrack. You can find out more by viewing our Privacy Policy.
Account data
- We collect and store bank account details (BSB, account number and account holder name) and no other details are collected or stored. All sensitive data is encrypted in the database.
Network Security
- All access to our networks is protected by authentication with password and authentication keys. All communication with the network is via secure channels (HTTPS and SSH).
- Vulnerability Assessments and Penetration Testing are regularly performed on the networks to ensure our highest levels of security.
Third-party Security
- We have engaged with Vectra Corporation (https://www.vectra-corp.com/) for our Security Operations Centre (SOC) and Security Incident and Event Management (SIEM) monitoring and also for assessment for PCI DSS certification for advanced threat detection. We have implemented IBM’s QRadar for SOC and SIEM software.
- We have engaged with Crossbow Labs (https://cbl.world/) for Virtual Security Services advising and guiding to ensure controls required for PCI DSS certification and ISO 27001 certification are in place.
If you want to find out more information about how we keep your data safe, please get in touch at support@bztracknull.com
We take security seriously and are a proud supporter of The Australian Cyber Security Centre. They offer helpful information on what to do if you think you’ve been a victim of a cyber-attack including:
What do I do if my data has been breached?
1. Know how you are affected. If you are informed of a breach, or read about one in the media, make sure you understand what data may be affected. Consider contacting the organisation that has been breached to find out what personal or sensitive data has been compromised.
2. Follow the steps in the ACSC tool 'Have you been hacked?' to find out what you can do if your information has been breached. Select ‘My information has been lost or stolen’ and follow the prompts. The tool will help you secure your finances, accounts, email and identity.
3. If your password has been compromised, reset all accounts with that password immediately.
4. Be sure to confirm any communications from an organisation with an official source. Scammers might try to take advantage of you because of a data breach. For example, you may receive an email asking you to reset your password because it was compromised. Go to the official website to do this instead of using any links provided in the email.
5. Review your account security settings. Some online services allow you to view what devices have recently used your login details and any recent transactions. You can usually also log out those devices from these settings.
6. Refer to the Office of the Australian Information Commissioner website for more information on how to respond to a data breach containing your contact details, financial information, government-issued identity documents, tax file number and tax-related information and health information.
7. Visit the IDCARE website and complete the Get Help Form. IDCARE is Australia and New Zealand’s national identity support service. An IDCARE Identity and Cyber Security Case Manager can work with you to develop a specific response plan for your situation and support you through the process.
You can find out more at:
https://www.cyber.gov.au/learn/threats/data-security
Two Factor Authentication
bzTrack uses 2FA as an additional security layer to help you protect your account.
When you first join bzTrack, a One Time Password will be sent for security. By default, this OTP will be sent to your primary email address each time you log in, but you can go to Two-Factor Authentication under the User menu once you’ve logged into bzTrack, and change this method to instead use the Google Authenticator app.
Two-Factor Authentication via email is a quick and easy way to make your account more secure, but Google Authenticator is considered a safer way of authenticating than email, especially if you are using Google Authenticator on a different device to the one you access bzTrack on.
If a user accesses bzTrack on their computer, and Google Authenticator on their phone, someone trying to access their bzTrack account would need both devices and their account password to complete the OTP and log in.
You can download the Google Authenticator app from Google Play or the App Store.
Whichever method you use, please remember that strong and unique passwords for ALL your devices and services offer the best first layer of security for your accounts.
Dual Authorisation
bzTrack's Dual Authorisation feature gives an extra layer of security, oversight and peace of mind as to when and where your supplier payments are going.
Security around payments is more important than ever, so bzTrack provides systems to make sure that at least two people are aware of and authorising any payments that are going out. Dual authorisation is policy in many organisations, and bzTrack makes it so simple.
Once set up, when a user completes the Pay Now, or Pay Later flow, that transaction will be assigned as ‘Awaiting Authorisation’. Any other user with the appropriate role will receive an email letting them know that authorisation is required.
They will be able to visit the ‘Authorisations’ page and Approve or Reject transactions. If a payment needs to be edited before being approved, the user that set it up will need to make the change before approval, again ensuring that two people have agreed what is going out and when.
PCI DSS Compliant
In today's fast-paced business landscape, managing invoicing, cash flow, and payment processing efficiently and securely is vital for the success of any organisation. bzTrack, a one-stop-shop for all things related to invoice and cash-flow management in Australia, provides payment tools within the business services for bzTrack users. With its recent achievement of the coveted ‘Attestation of Compliance’ for PCI DSS (Payment Card Industry Data Security Standard), bzTrack has not only distinguished itself as a reliable and secure service provider but also brought forth a myriad of benefits for its valued customers.
PCI DSS compliance is no small feat, and for bzTrack, achieving this certification is a badge of approval that signifies their commitment to safeguarding sensitive financial information. The Payment Card Industry Data Security Standard is a set of stringent requirements designed to ensure the security of debit and credit card transactions. By complying with these standards, bzTrack assures its customers that their data and financial details are being handled with the utmost care and protection.
So, why does achieving PCI DSS compliance mean so much for bzTrack and its customers? Let's delve into the reasons why this milestone is a game-changer for all parties involved.
Fortified Data Security:
In today's digital world, data breaches and cyberattacks pose a significant threat to businesses and their customers. PCI DSS compliance means bzTrack has implemented robust security measures to protect sensitive payment card data. This reassures bzTrack's customers that their financial information is secure from potential cyber threats, fostering trust and confidence in the service.
Streamlined and Efficient Processes:
bzTrack's compliance with PCI DSS not only benefits its own internal operations but also provides customers with secure, streamlined and efficient processes. By integrating various payment methods such as bank accounts, card services, and Bpay, bzTrack simplifies and expedites the payment collection process for its users. The result is reduced administrative burden, allowing businesses to focus on their core activities.
Transparency and Real-Time Insights:
The compliance achievement reinforces bzTrack's commitment to transparency and accountability. Customers can track the status of their invoices and payments in real-time, eliminating uncertainties and guesswork. Knowing the exact location and status of payments provides businesses with valuable insights for better financial planning and decision-making.
Seamless Integration with Accounting Software:
bzTrack's seamless integration with Xero and other popular accounting software ensures that financial data remains up-to-date and accurate across different platforms. Accountants and bookkeepers can access the necessary information efficiently, promoting collaboration and reducing the risk of errors or oversights.
Empowering SMEs, tradies and sole-traders:
For SMEs, tradies and sole-traders, bzTrack's PCI DSS compliance opens up a world of possibilities. The ability to invoice on-the-go, create digital interactive invoices, and offer settlement discounting options empowers these professionals to expedite payment collection and maintain better control over their finances.
Enhanced Risk Management for Accountants and Bookkeepers:
Accountants and bookkeepers can also reap the rewards of bzTrack's compliance. By separating roles and using bzTrack for specific tasks, they can reduce the risk of fraud or unauthorised access to sensitive financial data, ensuring better overall security for their clients.
In conclusion, achieving PCI DSS compliance is a momentous milestone for bzTrack, solidifying its position as a secure and dependable service provider. By prioritising data security, streamlining payment processes, and providing real-time insights, bzTrack delivers immense value to its customers. Users all benefit from a service that not only simplifies invoicing and payment tracking but also ensures the protection of critical financial information.
When businesses choose bzTrack, they're not just selecting a service; they're choosing peace of mind and the assurance that their financial data is in the hands of a trusted partner. As bzTrack continues to thrive with its PCI DSS compliance, its commitment to innovation and excellence remains unwavering, raising the bar for the industry and empowering businesses of all sizes to thrive in an increasingly digital world.