All transaction endpoints are protected with a web application firewall (WAF), which protects against general security risks as well as exploits. Rules defined based on the OWASP core rule sets 3.2 are used for this purpose. The endpoints are accessible exclusively via HTTPS. The underlying Cipher Suites are kept up to date.