All sensitive data, including Transaction ID, Transaction Amount, and Merchant ID, are encrypted and using RSA_AES algorithms during transmissions.

  • Sample AES key size: 256 bits

  • Sample RSA key size: 2048 bits

Server Security

Yuansfer uses Alibaba Cloud and enables a Web Application Firewall to defend against the most common attacks such as (but not limited to) SQL injection, XSS cross-site scripting, common web server plug-in vulnerabilities, Trojan uploads, and unauthorized access to core resources.

Authentication and Authorization

There are not any secret tokens or user passwords transmitted in transactions. It is impossible to make a fraud transaction for hackers because, for each step, Yuansfer and Wallet Servers authenticate and authorize to validate each transaction.

Authentication and Authorization Flow

PCI/PII Exempted

Yuansfer's Gateway does not interact with any card network processing components for PCI scoping, while AliPay transaction data is PCI out-of-scope and not subject to PCI DSS standards.