IT Security

3 steps to ensure successful message delivery


Follow these simple steps when uploading your customer database into the Gikko messaging platform to avoid common errors:

1. Collect the correct data.

The most important data is the mobile number of your client. Having the first and last name of your client is also important for personalisation. Gather this information in an Excel sheet.

2. Input data correctly.

The data entered should match the column name. For instance, where numbers are involved, bank account numbers should not be in the column for mobile numbers.

3. Include the correct country code.

The mobile number must include the correct country code at the beginning, for example, Zimbabwe’s is 263.
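A pre-upload check covering the three steps above, as an added example that is not Gikko's code. It works on a CSV export of the sheet; the column names, the `min_digits` lower bound and the sample rows are assumptions.

```python
import csv
import io
import re

REQUIRED_COLUMNS = ("first_name", "last_name", "mobile")  # assumed header names
E164_MAX_DIGITS = 15  # ITU-T E.164 upper bound on country code + number


def normalise_mobile(raw):
    """Strip spaces, dashes, brackets and a leading '+' or '00' prefix."""
    digits = re.sub(r"[\s\-().]", "", raw.strip())
    if digits.startswith("+"):
        digits = digits[1:]
    elif digits.startswith("00"):
        digits = digits[2:]
    return digits


def validate_contacts(csv_text, country_code="263", min_digits=11):
    """Return (clean_rows, problems). min_digits is an assumed lower bound."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [], [(1, "missing column(s): " + ", ".join(missing))]
    clean, problems, seen = [], [], set()
    for line_no, row in enumerate(reader, start=2):
        number = normalise_mobile(row["mobile"] or "")
        if not number.isdigit():
            problems.append((line_no, "mobile is not numeric"))
        elif not number.startswith(country_code):
            problems.append((line_no, "mobile lacks country code " + country_code))
        elif not min_digits <= len(number) <= E164_MAX_DIGITS:
            # Catches account-style numbers that landed in the mobile column.
            problems.append((line_no, "mobile has implausible length"))
        elif number in seen:
            problems.append((line_no, "duplicate mobile number"))
        else:
            seen.add(number)
            clean.append({**row, "mobile": number})
    return clean, problems


# Constructed sample export; every name and number below is made up.
SAMPLE = """first_name,last_name,mobile
Tendai,Moyo,+263 77 123 4567
Rudo,Ncube,0771234568
Farai,Dube,2630012345678901234
Chipo,Sibanda,263771234567
"""
```

Rows listed in `problems` should be corrected in the sheet before upload; only `clean` rows carry a normalised number with the country code.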

Be secure with our 007 security measures


001- Server security

Malware protection is used on all servers and endpoints connecting to production systems to ensure a secure environment. Backup copies of production data are created and tested on a regular basis to ensure continuous data availability. Redundant hardware and fail-over capabilities are ensured for backup systems, mostly including offsite (remote) storage. 

002- Backup security

Backups are encrypted, with physically secured access. Hardware failures on media containing production data are handled exclusively by Infobip personnel, i.e. no 3rd party is allowed to transfer the media out of secure data centre premises. 

003- Monitoring activity of platform

Critical information regarding platform operations and customer data (such as creating, modifying and deleting data, as well as warnings, exceptions, faults and information security events) is properly logged and is monitored and managed 24/7 by Support, Networking and Security Operations teams.

004- Recording Log-ins

Log retention varies depending on the criticality and storage systems. The retention period for API request logs ranges from 4 to 10 days (due to excessive storage requirements). Customer User Portal (CUP) audit (authentication) logs are preserved by default for 30 days. Extension of the retention period can be requested, subject to discussion due to the storage requirements.

Security/audit logs (including successful and failed authentication attempts to core production servers) are collected, analyzed and stored securely on the central logging system. Special (extended) logging principles are applied for PCI DSS scoped environments. 

005- Messages Sent Records

Call Data Records (CDRs) containing metadata regarding message traffic are preserved for several months, for several legitimate business reasons:

  • lawful purposes,
  • tax/audit purposes,
  • billing/dispute processes,
  • clients’ requests (troubleshooting, analysis/reports),
  • detecting, preventing, and investigating spam, fraudulent activity, network exploits and abuse.

PCI DSS and critical security/audit logs are retained for a minimum of 12 months.

006- Internal Security

From the employees' perspective, business data confidentiality is ensured by security and privacy awareness programs and by each employee signing a very strict NDA guaranteeing that he/she will not misuse confidential information, with penalties applied.

007- Further development of security

A logging infrastructure upgrade is being implemented in the form of a new communication logs management system, offering a more robust and scalable solution. All parts of the email system are monitored in detail: anti-spam servers, main email system servers, load balancers and client access servers. Alerts are sent from multiple monitoring systems to dedicated mailing groups, supervised by redundant support personnel. A log encryption initiative is currently under way, aiming to secure the maximum possible extent of data, depending on the available technology.