
Platform Security

Learn about Falcon's platform security.

At Falcon, we ensure secure, scalable, and compliant operations across all services, empowering banks, fintechs, and enterprises to launch and manage card programs with confidence.

Our approach combines secure-by-design architecture, relentless controls, and real-time monitoring to safeguard your data, users, and operations.

Client ➡️ (Data 🔒) Falcon ➡️ (Encrypted Request 🔒) Services

🔐 Key Security Principles

| Principle | Description |
| --- | --- |
| Data Encryption | All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption standards. |
| Isolation by Design | Tenant and enterprise data are logically isolated across environments using secure containerized and VPC-based infrastructure. |

🛡️ Security Practices

Falcon uses the following best-in-class security practices to maintain the highest level of protection:

  • Ensuring security and privacy by design.
  • Data encryption in transit and at rest.
  • Tokenization for PCI zones.
  • Regular vulnerability scans and analysis of audit logs to ensure data security.
  • External and internal penetration test routines
  • WAF and edge firewalls
  • Improved infrastructure stability through scripted provisioning
  • Data encryption using AES-256 with keys stored in a separate security zone.
  • OAuth framework implemented for authorization, with OpenID Connect and JWT for authentication.
  • Service control policies are implemented to govern cloud usage.
  • Hardened database setup to reduce the attack surface.

🏗️ Infrastructure Security

  • API Gateway Security: Every API request is authenticated using API keys and OAuth2 tokens. Rate limiting is enforced.
  • Audit Trails: All system activities are logged, time-stamped, and stored for compliance and incident investigations.

📜 Compliance

Falcon adheres to industry-standard compliance and data protection regulations, including:

  • ISO 27001
  • GDPR & Indian data privacy laws (DPDP readiness)

🤝 Shared Responsibility Model

Falcon adopts a shared responsibility model:

  • Falcon is responsible for platform-level security: infrastructure, APIs, data protection, and service continuity.
  • Businesses and customers are responsible for safeguarding their application credentials, API keys, user access controls, and compliant usage.

🧾 Certifications and Audits

Falcon regularly goes through the following rigorous certifications and audits:

  • PSS SAR
  • PPI SAR
  • ISO 9001/27001
  • Data Localization
  • PCI DSS
  • PCI PIN SEC
  • VAPT: Web & Mobile Apps
  • Infra VAPT (Server / Firewall)
  • Backend API VAPT
  • Source Code Review (API and Web)

♻️ Continuous Security Enhancements

Falcon believes that frequent security improvements are essential. We regularly:

  • Patch the infrastructure and services with the latest updates
  • Conduct secure code reviews and static analysis
  • Evaluate and upgrade encryption, IAM, and audit policies