Security & Compliance
Eved's cloud platform meets the highest level of security standards, with user roles, approval workflows, data protection, and continuous monitoring built into every layer.
Watch our security overviewEved maintains the highest level of security certifications to protect your financial data and ensure operational integrity.
Eved has completed third-party SOC 1 Type 1 testing to evaluate the design of internal controls over financial reporting, ensuring the accuracy and reliability of the financial data flowing through the platform.
Eved undergoes an annual SOC 2 Type 2 audit on the design and operating effectiveness of controls relevant to the security and availability trust service categories.
Eved has been validated to comply with the PCI Data Security Standard since 2010. Eved is monitored and audited externally by Trustwave.
Comprehensive vendor screening and tax reporting to reduce risk and ensure compliance at every payment.
Third-party screening against BSA, PATRIOT Act, and OFAC requirements. Vendors are screened every time bank information changes or payment is processed.
Additional documentation collection and validation for vendors paid via Eved China, complying with People's Bank of China (PBOC) regulations.
Automated W-9 collection and EIN verification for US entities. W-8 forms for non-US merchants. Complete tax compliance infrastructure with automated 1099 issuance.
All employees are required to annually complete security awareness training.
Monthly and quarterly external vulnerability assessments on infrastructure and application. High or medium-risk issues are immediately remediated.
Secure communication everywhere utilizing best practices for ciphers and the latest encryption technology.
Payment information stored using AES-256 bit encryption with AES/SHA1 encryption algorithms and password/salt key for generating secure hashes.
Frequently Asked Questions
Yes. Eved maintains SOC 2 Type II compliance, which means our security controls are independently audited and verified on an ongoing basis. This covers data security, availability, processing integrity, confidentiality, and privacy.
Eved uses bank-level encryption (AES-256) for data at rest and TLS 1.3 for data in transit. All payment credentials and bank details are tokenized and stored in PCI DSS-compliant vaults, never in plain text.
Eved employs multi-layered fraud prevention including AI-powered anomaly detection, dual-approval workflows for high-value payments, vendor bank detail verification protocols, and real-time transaction monitoring. Our system has prevented millions in potential fraud attempts.
Yes. Eved complies with GDPR, CCPA, and other regional data protection regulations. We maintain data residency options for clients with specific geographic requirements and provide full data processing agreements.
Eved uses a proprietary multi-step verification process that includes document verification, and cross-referencing against global sanctions and fraud databases. Changes to bank details trigger additional verification steps and stakeholder notifications.
Our team is ready to discuss how Eved protects your data and meets your compliance requirements.