The industry backed cashless payment app, Yalp, has moved one step closer with independent testing now underway. Game Payment Technology’s Paul Deed talks us through the procedure.
In keeping with its commitment to the highest levels of security and integrity, Yalp, the cashless payments app developed by Game Payment Technology (GPT), is undergoing an intensive programme of testing by independent specialists, Pen Test Partners LLP. Referred to as penetration testing, ethical hacking, or white hat hacking, the external validation of the Yalp solution is a crucial step. It provides players and operators with assurance and confidence that the system is secure and cannot be exploited.
Commenting on how the testing programme forms part of Yalp’s commitment to a ‘right first time’ approach, Paul Deed of GPT explained: “This is absolutely about doing things correctly. Particularly when it comes to the world of evolving information security threats, we are committed to ensuring that the solution we bring to market is secure and remains secure. Ongoing monitoring of Yalp’s security and future revalidation by an external third party is essential.”
“The development of any system needs to consider security from design through implementation and testing to ensure that it is not vulnerable to attack.” he continued. “Yalp has been designed and developed with security first. We regularly ask ourselves “How could this be exploited?” and “How do we minimise the risk?”. We follow secure coding standards and are ISO27001 accredited. Holding this information security standard is part of our commitment to ensuring the security of our systems and processes.”
Despite there being no legal requirement to undertake penetration testing, Deed believes the importance of the process and how it reflects on players’ perception of Yalp cannot be understated. “I would not be prepared to take a publicly accessible system, which handles sensitive data, live without it.” he explained. “Our commitment to quality and security as an organisation demands it. It is vitally important to give us the assurance that the design and security measures within Yalp are robust and that there are no vulnerabilities within the Yalp solution.”
In addition to the emphasis on the testing, the choice to appoint Pen Test Partners LLP to undertake the testing of the Yalp solution, following a competitive tendering process, was also central to Yalp’s reputation. “Selecting an independent, industry-leading organisation to test and validate the platform is crucial to people being able to trust the platform and ensure security from hackers with malicious intent. Pen Test Partners is a member of the CHECK and CREST schemes – both recognised accreditations for organisations providing penetration testing services.” he said. “Following an initial three weeks of tests, they will submit a detailed report with recommendations. The security testing finishes on December 23rd. At this point, we will review and act upon any findings from the testing, ahead of the launch of Yalp at EAG in January.”