Modern security threats are constantly evolving. Whether a software vulnerability that exposes customer data or a malicious phishing email that gives unwanted access to a corporate network, each can have a significant impact on a company’s business operations. We at PayU India have implemented several security measures and countermeasures that protect any unauthorized access or compromise.

We take the security of our systems and data very seriously. We are continuously striving to maintain and ensure that our environment is safe and secure for everyone to use. If you know or have discovered any security vulnerabilities associated with any of PayU India services, we do appreciate your help in disclosing it to us in a responsible manner.

PayU India is ISO 27001:2013 Certified

Information Security and Risk Management are our top priorities hence PayU India has followed highly detailed ISO 27001 certification validation process which verifies the effectiveness of our internal security operations, secure software development practices and product capabilities. Our certification validates how the hyper-growth fin-tech company continues to maintain the leading compliance standards in the on-demand payment industry.

The ISO/IEC 27001:2013 certification is a gold standard in security recognized worldwide as the most authoritative, widely accepted, and most applied system certification standard in the field of information security. ISO/IEC 27001:2013 is an Information Security Management System (ISMS) standard by the International Organization for Standardization (ISO) and the International Electro Technical Commission (IEC). The standard ensures that organizations have established methodologies and a framework of business and IT processes to help identify, manage, and reduce risks.

Our ISO/IEC 27001 security compliance is regularly validated by an independent internationally recognized third-party auditing authority after a rigorous assessment of our information security management system and related business processes.

We will continue to uphold our security controls and practices to the highest standards to reduce the risk of data breaches, increase attack resilience against cyber-attacks, and ensure client data is safeguarded.

Certificate Validation -

PayU India is PCI DSS Certified

We always strive to provide best means to ensure the security and protection of our customers’ data, strengthening their confidence in us by providing services that correspond with changes and enhance the protection of secure payment channels and services.

PCI DSS compliance is one of the most stringent and most coveted security standard in the industry today. With 6 goals, 12 requirements and over 300 sub-requirements, for the cardholder data environment. PCI Data Security Standard is developed by PCI Security Standard Council, a group of card brands in the world including Visa, MasterCard, Amex, JCB and Discover.

PCI compliance helps us to reduce and minimize the risk of our payment systems from getting breached and theft of cardholder data.

We follow an extensive independent third party audit on PCI DSS by India's CERT-IN Empanelled Auditor adopting the highest security posture. It involves using meticulously developed compliance validation structure and security monitoring tools. Our auditor certifies our compliance with security requirements developed by the PCI Security Standards Council.

PayU India - Responsible Disclosure Policy

We at PayU India strive to create innovative products for our customers and considers protection of customer data a significant responsibility and entails highest priority.

We recognize how important it is to help protect integrity and security of our products. We understand that secure products are instrumental in maintaining the trust users place in us.

If you believe you know or have found a security issue, we encourage you to notify us and work with us on the lines of PayU India’s Responsible Disclosure Policy.