Paydiant Security

At Paydiant, we've taken a different approach to mobile payments from the beginning: we focus on security. We never store any account or sensitive information on the mobile device. Enter card data once; it is sent to our systems and never touches the consumer's phone again. Data is stored in an expertly monitored, 24x7 secure environment. When a Paydiant-powered mobile wallet is used for either an in-store payment or a remote order, you can trust that our patented approach to mobile payments and sophisticated security techniques will ensure the complete protection of personal and financial data. All communication is fully encrypted, and the data encoded in the transaction token is not tied in any way to the consumer or to any sensitive information; it represents a potential purchase that the consumer gets to claim from their phone.

We've worked hard to create the safest way to pay, ever.

Responsible Disclosure

  • If you are a security researcher and would like to report a vulnerability that you've found, please see the PayPal Bug Bounty page.


  • Payment information is never stored on the phone. In fact, no card data is ever stored on the phone; this is a 100% cloud-based wallet.
  • Our unique device fingerprinting ensures your mobile wallet is usable only on authorized phones.
  • Consumers can deactivate their wallet remotely if they ever lose their phone, and there is no need to notify the card issuer: sensitive data is safe on our servers even if the phone is not.


  • An alphanumeric, randomly generated transaction code is used to associate the consumer's phone with a POS system through QR code, Bluetooth Low Energy (BLE), or NFC communication. Since we've taken all the sensitive and personal information out of it, we can safely support any last-inch physical medium.
  • Payment information and personal information are never represented or tied to the transaction token.
  • Transaction tokens are only valid for one transaction and expire automatically.
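The three properties listed above (random, carries no consumer or card data, single-use with automatic expiry) are straightforward to model in code. The following is an added illustration, not Paydiant's own implementation: it assumes a hypothetical server-side TransactionTokenService where the POS requests a pending purchase, receives an opaque token to present over QR/BLE/NFC, and the consumer's (separately authenticated) wallet later claims it. The token is generated with a cryptographically secure random source, is never derived from wallet or card identifiers, is consumed on first successful claim, and is refused once its time-to-live has passed. Replay attempts are counted so a monitoring pipeline can alert on them.

```python
import secrets
import string
import time
from dataclasses import dataclass

# Hypothetical parameters (assumptions for this example, not Paydiant values).
ALPHABET = string.ascii_uppercase + string.digits   # alphanumeric code space
TOKEN_LENGTH = 12                                    # ~62 bits of entropy
TOKEN_TTL_SECONDS = 120                              # token expires automatically


@dataclass
class PendingPurchase:
    """What the server knows about an issued token. Note: no wallet, card
    or consumer fields exist here; the token only identifies a purchase."""
    merchant_id: str
    amount_cents: int
    issued_at: float


class TransactionTokenService:
    """Hypothetical token issuer/redeemer used to demonstrate the properties
    described on the page: random, data-free, single-use, time-limited."""

    def __init__(self, ttl_seconds=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable clock makes expiry testable
        self._pending = {}           # token -> PendingPurchase
        self._consumed = set()       # tokens already claimed (for replay detection)
        self.replay_attempts = 0     # counter a monitoring system could alert on

    def issue(self, merchant_id, amount_cents):
        """POS side: create a pending purchase and return an opaque token.
        The token is pure randomness; nothing about the consumer is encoded."""
        while True:
            token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LENGTH))
            if token not in self._pending and token not in self._consumed:
                break
        self._pending[token] = PendingPurchase(merchant_id, amount_cents, self._clock())
        return token

    def claim(self, token, wallet_id):
        """Wallet side: redeem a token scanned from the POS. The wallet_id is
        supplied by the server's own authentication of the phone, not by the
        token. Returns (status, detail)."""
        if token in self._consumed:
            # Same token presented twice: single-use rule refuses it.
            self.replay_attempts += 1
            return ("rejected", "already claimed")
        purchase = self._pending.get(token)
        if purchase is None:
            return ("rejected", "unknown token")
        if self._clock() - purchase.issued_at > self._ttl:
            # Expired tokens are dropped rather than honoured.
            del self._pending[token]
            return ("rejected", "expired")
        # First valid claim wins; remove from pending so it can never be reused.
        del self._pending[token]
        self._consumed.add(token)
        return ("accepted", {
            "merchant_id": purchase.merchant_id,
            "amount_cents": purchase.amount_cents,
            "wallet_id": wallet_id,
        })

    def purge_expired(self):
        """Housekeeping: drop pending tokens past their TTL. Returns how many."""
        now = self._clock()
        stale = [t for t, p in self._pending.items() if now - p.issued_at > self._ttl]
        for t in stale:
            del self._pending[t]
        return len(stale)


if __name__ == "__main__":
    svc = TransactionTokenService()
    tok = svc.issue("merchant-demo", 1299)      # constructed sample purchase
    print("token shown at POS:", tok)
    print("first claim:", svc.claim(tok, "wallet-demo"))
    print("replayed claim:", svc.claim(tok, "wallet-other"))
```

Because the wallet identity comes from the server's authentication of the phone rather than from the token, a token captured from a QR code or screenshot tells an observer nothing about the consumer and buys nothing once it has been claimed or has expired.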


  • We use multiple factors to authenticate the consumer, their device, and their card information before every transaction.
  • We never display card data, even as a token. No one can take a screenshot of a token on the phone and use it with a different phone.


  • Our data centers and encryption methods undergo rigorous regular auditing and validation by the top security analysts in the world.
  • We use TLS and AES encryption with high strength cryptographic keys throughout the entire environment to protect data at all times.
  • All servers and network devices are hardened and custom-built for mobile wallet transactions.
  • The mobile and server code we write is reviewed, validated, and certified by third party experts prior to every release.


  • Our platform complies with all Payment Card Industry Data Security Standard (PCI DSS) regulations and guidelines. We are certified annually as a Level 1 payment service provider.
  • We align our security practices with industry standard ISO 27001.
  • We are a certified SOC 2 Type II compliant organization, validated in line with all five AICPA principles: Security, Confidentiality, Processing Integrity, Availability, and Privacy.
  • Our platform regularly exceeds industry, government, and top tier financial institution security requirements.


  • Our process doesn't interrupt existing merchant or card issuer fraud and liability systems. They still protect you.
  • Real-time monitoring of mobile transactions and wallet usage lets us proactively detect when malicious activities are underway and stop them before a payment can happen.