Xoxoday Plum employs a multi-layered fraud prevention framework—combining real-time transaction monitoring, KYB verification, Cloudflare-backed network security, and PCI-DSS compliance—to ensure all program funds and rewards remain protected from theft, misuse, or unauthorized access.
Xoxoday Plum is built on a defense-in-depth security model that addresses fraud risk at every layer—from user authentication to transaction settlement. Rather than relying on a single control, Xoxoday Plum combines preventive, detective, and corrective mechanisms to safeguard reward budgets and payout integrity across the entire program lifecycle.

Access Controls and Identity Verification

Every administrator and user accessing Xoxoday Plum authenticates through Two-Factor Authentication (2FA). Role-based access controls (RBAC) ensure employees interact only with the features and budgets relevant to their role. This reduces the attack surface significantly, whether users connect via SSO integrations with Workday or Darwinbox, or log in directly through the portal.

Before any business account goes live, Xoxoday Plum conducts Know Your Business (KYB) verification. This includes identity checks, business registration validation, and anti-money laundering (AML) screening, ensuring every entity operating on the platform is legitimate and compliant with applicable financial regulations.

Real-Time Fraud Detection

Xoxoday Plum runs continuous fraud detection across all transactions. The system performs IP checks, geolocation verification, and device fingerprinting to flag anomalous behavior. Pattern recognition algorithms identify unusual redemption activity—such as a single user redeeming across multiple reward catalogs in rapid succession—and threshold-based controls automatically block transactions that exceed defined limits. Internal teams operate under IP whitelisting and VPN enforcement for an additional layer of access control.

Network Security and Data Encryption

Xoxoday Plum leverages Cloudflare to protect against DDoS attacks and ensure platform availability. All data transmitted between users and the platform is encrypted using TLS/SSL. Sensitive data stored at rest is protected with industry-standard encryption, keeping reward balances, payout records, and personal information secure at all times.

Audit Trails and Internal Controls

Every transaction on Xoxoday Plum is logged, timestamped, and available for audit. Reconciliation processes run periodically to surface discrepancies or suspicious activity before they escalate. Segregation of duties and multi-level authorization workflows mean no single user can move funds without appropriate approvals, effectively mitigating insider fraud risk.

Compliance and Certifications

Xoxoday Plum aligns with PCI-DSS guidelines for payment security, AML regulations, and local data protection laws across its operating regions. The platform’s broader security posture is validated under ISO 27001 and SOC 2 Type II frameworks, giving enterprise IT and procurement teams the independent assurance required for vendor risk reviews. An incident response plan is maintained and regularly tested, enabling the security team to isolate, investigate, and remediate any fraud attempt within defined SLAs.
Learn more: Xoxoday Plum Help Centre — System Requirement
