Security & Data Handling

Payment processors handle the most sensitive data in commerce. We designed Fraudhalo's data layer around the principle of minimum necessary data: we score transactions, not store card numbers.

PCI DSS Scoping

Designed to operate outside PCI DSS scope.

Fraudhalo is designed to operate outside PCI DSS cardholder data environment (CDE) scope by construction. The Fraudhalo API accepts only tokenized or hashed card identifiers — not raw PANs. This means:

  • Fraudhalo does not store, process, or transmit raw Primary Account Numbers (PAN)
  • Fraudhalo is not a cardholder data environment under PCI DSS definitions
  • Integration with Fraudhalo does not expand your CDE scope
  • Tokenization is the recommended integration pattern; hashed identifiers accepted as an alternative

Customers should verify PCI DSS scoping implications with their Qualified Security Assessor (QSA) for their specific integration configuration. This description reflects Fraudhalo's architectural intent and is not a formal compliance certification.

Encryption

Encryption in transit and at rest.

  • In transit: TLS 1.3 minimum. TLS 1.2 accepted for legacy integrations. Plain HTTP requests rejected.
  • At rest: AES-256 encryption for all stored transaction and scoring data.
  • Key management: AWS KMS-managed encryption keys. Key rotation on 90-day schedule.
  • API keys: API keys are scoped per environment (test / production) and can be rotated at any time via the customer dashboard.

Data Residency & Retention

US-only data processing.

All transaction data is processed and stored within the United States. Fraudhalo operates in AWS us-east-1 (primary) and us-west-2 (secondary for failover). No transaction data is transferred to non-US regions.

Data retention: 90 days

Transaction scoring data retained for 90 days by default. Configurable to 30 days upon request. Longer retention available for Enterprise customers requiring audit trail data.

No long-term PAN-adjacent storage

No raw card numbers stored at any point. Card hashes and tokenized identifiers retained for velocity signal computation within the 90-day window, then purged.

Access Controls

Role-based access and audit logs.

  • RBAC: Role-based access control with Admin, Analyst, and Read-Only roles for customer dashboard access
  • Audit log: Full audit log of all API decisions, threshold changes, and user actions — exportable in JSON format
  • SSO: SAML 2.0 SSO integration planned; available for Enterprise tier customers
  • MFA: Multi-factor authentication required for all dashboard accounts

SOC 2 Roadmap

SOC 2 Type II audit in progress.

Fraudhalo is currently undergoing a SOC 2 Type II audit with an expected completion in Q4 2026. The audit covers the Trust Service Criteria for Security, Availability, and Confidentiality.

Pilot customers can request a copy of our current security documentation, including our information security policy, incident response plan, and vendor risk management procedures, under NDA.

Security contact: For responsible disclosure of security vulnerabilities or security-related questions, contact [email protected]. We aim to acknowledge security reports within 24 hours.