Security measures

What technical standards has Payit™ been tested to?

Payit has been tested robustly to bank grade standards. This includes but is not limited to: User Acceptance Testing, Accessibility testing, System integration testing, Penetration testing and Security testing. All new features and releases are comprehensively tested in a number of environments before changes are released to customers. Payit conforms to the UK Open Banking standard for PISP payments.

What are the security protocols between us and Payit?

Payit provides a REST API which requires an internet connection using HTTPS (TLS1.2). Payit will provide you with OAuth2 client credential certification which will be used to authenticate you when you connect with Payit. Payit will provide you with a signed certificate to establish a secure SSL handshake.

Is Payment Card Industry Data Security Standard (PCI DSS) relevant to Payit?

PCI DSS is only relevant to the capture of credit card information and as Payit does not capture these details, PCI DSS is not applicable. This includes where a Payer or merchant opts to input a card PAN as the reference within a payment (for example when using Faster Payments to pay a credit card balance).

What do I do if I suspect fraud?

If you’re an existing business customer with a query, please get in touch by contacting the team at [email protected], or report your concerns online at www.actionfraud.police.uk.

How can I protect my business from fraud?

Natwest offers training and support for your business, including webinars and free fraud e-learning courses.

Visit the NatWest security hub to find out more.