? Question

Better-than-bank security

If you have money in a bank, you can feel safe paying through GunTab.

GunTab was built for security. We use strong encryption at multiple levels. Our servers are hardened. We closely adhere to best practices. We rely on the industry's top security professionals and perform frequent security reviews. This combination makes GunTab far more secure than the vast majority of banks. If you trust your bank with your money, you can trust GunTab.

Security technologies and mechanisms

GunTab implements all of the following advanced security measures:

  • TLS encryption. We use TLS to encrypt all internet connections between our servers and our users' computers. (TLS is the higher-security replacement for SSL.)
  • Encryption in memory. Sensitive data is not written to the hard disk, but instead restricted to memory so it can be securely erased.
  • Database encryption. The most sensitive data that users provide to us is secured by yet another layer of encryption at the database level.
  • Strong Authentication protocols. Users are required to have adequately strong passwords, and refresh them periodically.
  • Authorization controls. Every action a user performs with GunTab is subjected to a multi-layered authorization check.
  • Internal vulnerability scanning. Our code is regularly scanned for security weaknesses and compromised dependencies.
  • Firewalls. Our servers only accept particular types of internet traffic on specific ports.
  • Brute force protection. Our servers actively detect and take preventive measures against attempts to abuse or overwhelm them.
  • Intrusion detection systems. Our servers constantly monitor for unauthorized activity.
  • "Dark fiber" encryption. We even encrypt connections between servers in our secure data center.

PCI Compliance

GunTab maintains compliance with the strictest level of the Payment Card Industry Data Security Standard (PCI DSS). We follow uncompromising security policies and perform quarterly reviews to ensure our systems continue to satisfy the rigorous level D Service Provider requirements. This includes external vulnerability scanning by an Approved Scanning Vendor (ASV).