Security & compliance

LakiPay Security Overview

Share this page with your leadership, auditors, and partners to explain how LakiPay protects data, ensures uptime, and meets Ethiopian as well as global requirements.

Defense-in-depth Controls

  • Every service that stores or processes payment data sits inside isolated VPCs with strict network policies.
  • Secrets, keys, and certificates live in dedicated hardware security modules with auto-rotation.
  • Production changes require peer review, automated checks, and signed deployments through our CI/CD gates.
  • We run quarterly architecture reviews with internal security architects and an external partner.

Data Protection Pipeline

  • Customer and transaction data is encrypted in transit with TLS 1.3 and at rest using AES-256.
  • Sensitive identifiers (PAN, wallet IDs) are tokenized before they reach internal services.
  • Access to decrypted data is limited to short-lived, just-in-time sessions approved via multi-factor authentication.
  • Every decrypt event is logged and piped to our SIEM for correlation with user sessions.

Continuous Monitoring & Response

  • Real-time telemetry feeds into an automated threat detection stack (IDS/IPS + anomaly detection).
  • On-call security engineers receive pager alerts for deviations in auth attempts, API errors, or data egress.
  • We practice incident-response tabletop drills quarterly and update runbooks after every exercise.
  • Customers receive clear communication SLAs if an incident affects availability or data.

Compliance & Governance

  • Annual PCI DSS Level 1 assessments plus ongoing vulnerability scans keep us aligned with card standards.
  • Local data residency requirements are met through Addis-based primary storage and encrypted replication.
  • Vendor risk reviews and contractual controls ensure partners match our security expectations.
  • See the PCI DSS and RBAC guides for implementation details your internal auditors might request.

Looking for implementation guides?

Review the RBAC Guide and IP Whitelisting walkthrough to operationalize these policies inside your dashboard.