No Comments

Safety & Security when Making Thawani e-Payments

Thawani, the innovative mobile e-payment start-up founded in Oman and launched on May 1, offers a safe and simple alternative payment method to cash, credit and debit cards. Thawani ensures it is one of the safest methods of payment in the Sultanate and the region by implementing banking standard security controls at application level and at datacentre level. Thawani is also compliant to both Payment Card Industry Data Security Standard (PCI-DSS) and Payment Application Data Security Standard (PA-DSS), as well as featuring additional level security protocols.

Commenting on the high levels of security offered by the app, Majid Al Amri, CEO of Thawani noted, “Security and data integrity is extremely important for any mobile application, and it was our primary focus during the development of our platform. We wanted to ensure that we were compliant with not just local but also the latest international standards for data integrity and secure encryption. As a result, the platform is completely PCI-DSS compliant, while the application itself is PA-DSS compliant. Moreover, Thawani adopts very serious controls for fraud management, risk management, and anti-money laundering activities.”

Among the key features of these security controls is the linking of the user account to the user’s SIM card and Device serial number. This will ensure that the application will not work if the SIM card is removed but the user still can change his sim card through certain process within the APP. Furthermore, all local cards transactions are secured with an additional PIN shared by a One-time-password (OTP) by the local payment gateway. The OTP will be sent to the registered owner number at the issuing bank. As a result, while making a transaction, the user doesn’t have to share his personal or banking details with any merchant; all that is required in order to pay is the merchant unique ID or the mobile number or scan his QR code and authenticate with the user finger print or his PIN on his own device.

Since the very beginning of the App’s development phase, Thawani has been engaging all key stakeholders including the Central Bank of Oman. Thawani involved a number of experts in security and technology during the development phase in order to align the business model to the latest industry practices. As a result, to ensure maximum privacy and security, all linked bank cards are tokenized and encrypted in a secured environment away from the user device. Card details are not revealed and shared with any party except the payment gateway during a transaction execution.

“As a result of each of these security features, Thawani is easily one of the safest and most secure payment system available on the market. Furthermore, should a user lose his phone, there is no reason to worry. Without the unique PIN, and with no personal data revealed during any transaction, no fraudulent transactions can be made. All the user then has to then do is report the loss of the device to Thawani and re-link a new device,” concluded Majid.

“Security setup and infrastructure development is not a one-time task, it is an ongoing process that require frequent updates and improvements. Thawani is committed to keep investing in the security infrastructure as a high priority throughout the journey,” added Majid.

The Thawani platform was launched on May 1, 2017 under the patronage of His Highness Sayyid Taimur bin As’ad bin Tariq Al Said, marking the beginning of a new era of easy and secure e-payment solutions in the Sultanate of Oman. For more information on the app please visit the website at www.Thawani.om

Cyber Gear Webinar Series