AdvicePay Financial Advisor Community Blog

Ensuring Ironclad Security: A Closer Look at How AdvicePay Keeps Your Data Secure

November 30, 2023 By Scott Doty

Efficient. Compliant. Secure. 

In today's increasingly digital world, financial transactions and data are constantly at risk from cyber threats. The wealth management industry, in particular, must be vigilant when it comes to safeguarding sensitive client information and ensuring secure payment processing. AdvicePay has taken this challenge head-on. We’ve designed the AdvicePay system to maximize data security at every level of our payment processing. 

Encryption: The Bedrock of Security

AdvicePay prioritizes data encryption to ensure that all sensitive information remains confidential and protected during transit and storage. The platform utilizes industry-standard 256-bit SSL/TLS encryption, the same level of security employed by major financial institutions. This means that every data transmission, from login credentials to payment details, is securely encrypted and virtually impenetrable to eavesdroppers.

Secure Payment Processing

Payment processing is at the core of AdvicePay's service, and we have gone to great lengths to ensure it's as secure as possible. Payment information is never stored in our database. AdvicePay submits payment requests securely via tokenization to Stripe, a U.S.-based payment processor that manages billions of dollars each year. Customer information is never stored directly on any AdvicePay servers. This approach enables information to remain securely stored in one place, guarding against compromise.

Stripe has been audited by a Payment Card Industry (PCI)-certified auditor and is certified to PCI DSS Service Provider Level 1. This is the most stringent level of certification available in the payments industry. Stripe annually performs a SOC 1 Type II and SOC 2 Type II audit for compliance.

Regular Security Audits

SOC 2 Type II

AdvicePay undergoes an annual SOC 2 Type II audit that is performed and delivered by the CPA firm KirkpatrickPrice. The audit specifically tests AdvicePay’s reporting controls that relate to security and availability. This attestation provides evidence that AdvicePay has a strong commitment to security and to delivering high-quality services to its clients by demonstrating that it has the necessary internal controls and processes in place.

The successful completion of the SOC 2 Type II examination and audit highlights AdvicePay’s continued commitment to deliver best-in-class solutions and safeguards to protect and secure our customers’ data. This Attestation of Compliance is widely known as the industry benchmark for SaaS businesses and the most stringent examination of an organization’s security controls, policies, and procedures, and we are proud to exceed customer expectations when it comes to protecting their data.

PCI SAQ A

As a merchant service provider, AdvicePay performs a PCI Self Assessment Questionnaire (PCI SAQ A) on an annual basis as required by our partner Stripe. The PCI SAQ A is a validation tool that assists in evaluating and attesting to compliance with the PCI Data Security Standard (DSS). AdvicePay partners with Stripe, which performs all cardholder data functions. Stripe is a certified PCI DSS Level 1 payment processor. AdvicePay, as a merchant service provider, does not perform any cardholder data functions, including storage, processing, or transmission of card data.

Secure Data Host

AdvicePay’s infrastructure is hosted to maximize compliance and security. AdvicePay’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS). Amazon continually manages risk and undergoes recurring assessments to ensure compliance with data security industry standards.

Amazon’s data center operations have been accredited under:
ISO 27001, ISO 27017, ISO 27018
SOC 1, SOC 2, SOC 3
PCI DSS Level 1
FISMA Moderate
Sarbanes-Oxley (SOX)
SEC Rule 17a-4(f)

Continuous Monitoring and Alerts

Monitoring is a critical aspect of security, and AdvicePay doesn't take it lightly. We employ adaptive machine learning to detect and prevent fraud by using Radar, a data aggregator used to identify potential fraud indicators across all of Stripe’s 100,000+ businesses.

These proactive measures not only contribute to an enhanced fraud detection system but also significantly mitigate the risk of improper platform use. As an additional layer of assurance, AdvicePay undergoes annual, independent third-party penetration tests on our technology. This proactive approach helps identify and address internal risks before they escalate, ensuring the continual resilience of our platform.

Dedicated Security Team

Behind the scenes, AdvicePay has a dedicated security team responsible for staying abreast of emerging threats and continuously enhancing the platform's security infrastructure to safeguard against them. We have an established Incident Management Program that involves swiftly responding to any potential threat. These measures include isolating affected systems, limiting access, and implementing immediate remediation measures. By promoting a culture of security awareness, AdvicePay empowers users to take an active role in protecting their own data.


In a world where financial transactions are increasingly digital, security is paramount. We leave no stone unturned when it comes to protecting the sensitive data of you, your financial advisors, and their clients.

With our robust security measures, we ensure that you can confidently process payments and handle sensitive client data. From encryption to compliance and continuous monitoring, our commitment to security shines through in every aspect of the AdvicePay platform. By choosing AdvicePay, you can focus on what you do best—providing valuable financial advice—knowing that your client's data is in safe hands.

 


Posted by Scott Doty

As AdvicePay’s Chief Information Security Officer, Scott oversees our complex data security approach, mitigating risks and keeping us current on preventive measures. His degree in Management Information Systems from Auburn University and background in the financial services industry has enabled him to bring tremendous value to our team. Outside of work, you will catch Scott spending time with his family, coaching the Bozeman School’s Special Olympics Swim Team, or exploring the great outdoors.
