Your security is our top priority. We implement industry-leading security measures to protect your business and your customers.
We employ multiple layers of security to ensure your data and transactions are protected.
Highest level of payment card industry security certification, ensuring your card data is protected.
All data transmitted through our platform is encrypted using TLS 1.3 and AES-256 encryption.
JWT-based authentication with API key rotation and granular permission controls.
Regular security audits, vulnerability assessments, and 24/7 system monitoring.
Advanced fraud detection algorithms and real-time transaction monitoring.
Fully compliant with Central Bank of Iraq regulations and international security standards.
AmanExchange is fully compliant with all relevant Iraqi and international payment processing regulations.
Our certifications are regularly audited and updated to maintain the highest security standards.
Follow these guidelines to ensure maximum security when integrating with AmanExchange:
Never share your API keys publicly or commit them to version control
Use environment variables to store API keys
Rotate API keys regularly (every 90 days recommended)
Use separate API keys for development, staging, and production
Implement IP whitelisting for API access
Monitor API usage for unusual patterns
Always verify webhook signatures using HMAC-SHA256
Use HTTPS endpoints for webhook delivery
Implement retry logic with exponential backoff
Log all webhook events for audit purposes
Validate webhook payloads before processing
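An added example (not AmanExchange's own code) of the webhook checks listed above: HMAC-SHA256 verification over the raw request body with a constant-time comparison, followed by payload validation. The environment variable name, the hex signature encoding and the payload fields are assumptions, since this page does not specify them.

```python
import hashlib
import hmac
import json
import os

# Constructed sample values for the demo; never hard-code a real secret.
SAMPLE_SECRET = b"constructed-demo-secret"
SAMPLE_BODY = b'{"event":"payment.succeeded","transaction_id":"txn_demo_001","amount":25000}'
REQUIRED_FIELDS = {"event": str, "transaction_id": str, "amount": int}  # hypothetical schema


def load_secret(env_name="WEBHOOK_SECRET"):
    """Read the shared secret from the environment (variable name is an assumption)."""
    secret = os.environ.get(env_name)
    if not secret:
        raise RuntimeError(f"{env_name} is not set; refusing to accept webhooks")
    return secret.encode()


def sign(raw_body, secret):
    """Hex HMAC-SHA256 over the exact bytes received (assumed signing scheme)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_and_parse(raw_body, signature_header, secret):
    """Return the validated payload dict, or None if the webhook must be rejected."""
    if not isinstance(signature_header, str):
        return None  # header missing: reject before doing any other work
    expected = sign(raw_body, secret).encode()
    received = signature_header.strip().lower().encode()
    # Constant-time comparison does not leak how many leading characters matched.
    if not hmac.compare_digest(expected, received):
        return None
    # Parse only after the signature checks out, and parse the same bytes that were signed.
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return None
    if not isinstance(payload, dict):
        return None
    for field, ftype in REQUIRED_FIELDS.items():
        value = payload.get(field)
        if isinstance(value, bool) or not isinstance(value, ftype):
            return None
    return payload if payload["amount"] > 0 else None


if __name__ == "__main__":
    print(verify_and_parse(SAMPLE_BODY, sign(SAMPLE_BODY, SAMPLE_SECRET), SAMPLE_SECRET))
```

Verify against the raw bytes as delivered, before any JSON re-serialization, because re-encoding can change whitespace or key order and break the signature.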
Customer card data never touches your servers; it is handled on our secure checkout
Implement proper access controls and authentication for your dashboard
Securely store your API keys using environment variables
Encrypt sensitive business data at rest and in transit
Regularly backup your critical business data
Follow least privilege principle for user permissions
Use multi-factor authentication for admin access
Regularly review user access and permissions
Monitor for suspicious login attempts
Keep your integration code and dependencies updated
Implement proper error handling without exposing sensitive data
Conduct regular security training for your team
If you discover a security vulnerability or suspicious activity, please report it immediately to our security team.
Email: security@aman.exchange
Phone: +964 773 043 7312 (24/7 hotline)
We take all security reports seriously and will respond within 24 hours.
We maintain a comprehensive incident response plan to quickly address security issues:
Detection & Analysis
24/7 monitoring with immediate alert escalation
Containment
Isolate affected systems and prevent further damage
Investigation
Thorough analysis to determine scope and impact
Resolution & Communication
Fix vulnerabilities and notify affected parties
How we protect your sensitive information
Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3
Data Segregation
Merchant data is logically segregated and isolated in secure environments
Access Controls
Multi-factor authentication and role-based access control for all systems
Audit Logging
Comprehensive logging of all access and changes for security audits
Regular Backups
Daily encrypted backups with geo-redundant storage for disaster recovery
Data Retention
Data retained per Central Bank requirements and securely deleted afterward
Our security team is here to help. Contact us for security-related inquiries or to report vulnerabilities.
security@aman.exchange • +964 773 043 7312