Security at TopUpStreet
Protecting your money and your data is the foundation of everything we build.
How we protect payments
- Card payments are processed by our PCI-DSS-compliant payment provider โ we never store full card numbers.
- If a top-up fails, you are not charged, or the charge is refunded.
- Every money movement is recorded in an append-only double-entry ledger and reconciled.
How we protect your data
- Encryption in transit (TLS 1.2 or higher) on every connection.
- Secrets are held in a managed key vault, never in our code.
- Least-privilege access to systems and data.
- Per-IP rate limiting and modern security headers on every request.
Fraud prevention
- Real-time screening of transactions against risk signals.
- Velocity and spend limits, with a watchlist that blocks known-bad actors.
- Manual review of flagged activity before it is allowed to proceed.
Responsible disclosure
Found a vulnerability? Email security@topupstreet.com. Please give us a reasonable chance to fix it before any public disclosure; we will not pursue good-faith researchers who follow this policy.
Your part
- Use a strong, unique password.
- Never share one-time codes with anyone.
- Double-check the recipient number before you pay.