Licensed MSB Sign in Open Account
Open Account

Legal

Security Statement

Ernora Pay
Effective Date: 11.06.2025

1. Definitions

For the purposes of this Security Statement:

“Information Security” means the protection of information against unauthorized access, use, disclosure, alteration, disruption, or destruction.

“Confidentiality” means ensuring that information is accessible only to persons who are authorized to access it.

“Integrity” means safeguarding the accuracy, completeness, and reliability of data and systems.

“Availability” means ensuring that authorized users can access information and services when required.

“Encryption” means the process of encoding information in order to protect it from unauthorized access.

“Authentication” means the process of verifying the identity of a user, device, or system before access is granted.

2. Our Commitment to Security

Ernora Pay applies a layered and risk-based security approach to protect customer information, accounts, and transactions. Our security controls are designed to support regulatory compliance, operational resilience, and the protection of sensitive data in line with generally accepted industry practices and applicable Canadian legal and regulatory requirements.

3. Key Security Measures

Data Encryption

  • data transmitted between users and our systems is protected using industry-standard encryption protocols, including SSL/TLS where applicable;
  • sensitive information stored within relevant systems may be protected using encryption at rest in accordance with internal security standards.

User Authentication

  • we apply authentication and account access controls, which may include password policies, session controls, and multi-factor authentication measures where available or appropriate.

Firewall and Intrusion Protection

  • our infrastructure is protected through technical safeguards designed to detect, prevent, and respond to unauthorized access attempts and malicious activity.

Transaction Monitoring

  • financial activity may be monitored for suspicious, unusual, unauthorized, or high-risk behavior in order to support fraud prevention, account security, and regulatory compliance.

Access Controls

  • Ernora Pay follows access control principles intended to limit access to systems and sensitive information to authorized personnel with a legitimate business need.

Security Testing and Review

  • we periodically assess and review our security posture through internal checks, third-party reviews, vulnerability management processes, and other risk-based control measures.

4. Employee Security Awareness

All relevant personnel are required to complete security and privacy awareness training on onboarding and at regular intervals thereafter. Access to systems and data is role-based, controlled, and subject to internal monitoring and policy requirements.

5. Incident Response

Ernora Pay maintains procedures for responding to actual or suspected security incidents. Depending on the nature of the incident, our response may include:

  • containment of the issue;
  • investigation and impact assessment;
  • remediation and risk mitigation measures;
  • notification of affected parties where required by law;
  • reporting to relevant authorities or regulators where applicable.

6. Fraud Prevention and Detection

To help identify and reduce fraud risk, Ernora Pay may use a range of preventative and detective measures, which may include:

  • transaction review and risk scoring;
  • behavioral or anomaly-based monitoring;
  • account access analysis;
  • device, location, or usage pattern checks where appropriate;
  • escalation procedures for suspicious activity.

Where potentially fraudulent activity is identified, we may take protective action, including restricting access, delaying transactions, requesting additional verification, or initiating further investigation.

7. Business Continuity and Operational Resilience

Ernora Pay maintains operational controls intended to support service continuity and resilience. These may include, where appropriate:

  • backup and recovery procedures;
  • system redundancy and failover arrangements;
  • monitoring of service availability;
  • incident escalation and crisis response processes;
  • recovery planning for operational disruptions.

We do not guarantee uninterrupted availability of services at all times, but we seek to maintain appropriate resilience measures in line with the nature of our business.

8. Third-Party Risk Management

Ernora Pay may rely on third-party providers, banking partners, technology vendors, and service partners in connection with its services. We seek to manage third-party risk through appropriate onboarding review, contractual controls, and ongoing oversight, particularly where third parties may have access to sensitive systems, data, or operational processes.

9. Regulatory Compliance and Reporting

Our security program supports compliance with applicable legal, regulatory, and operational requirements. We may review and update our controls to reflect:

  • changes in law or regulatory expectations;
  • evolving security threats;
  • operational developments;
  • lessons learned from incidents, reviews, or assessments.

Where required, security-related incidents may be reported to competent authorities in accordance with applicable law.

10. Customer Security Responsibilities

Security is also a shared responsibility. Customers are expected to take reasonable steps to protect their accounts and information. We recommend that customers:

  • use strong and unique passwords;
  • enable multi-factor authentication where available;
  • keep devices, browsers, and software updated;
  • monitor their accounts for unauthorized activity;
  • avoid sharing login credentials or sensitive access information;
  • remain alert to phishing, impersonation, and social engineering attempts;
  • use secure networks when accessing financial services;
  • log out properly after each session, especially on shared devices.

11. Reporting Security Concerns

If you suspect unauthorized access, account misuse, a security weakness, or any other security-related concern, please contact us promptly at:

Ernora Pay
7404 King George Blvd., Suite 200
Surrey, Canada
MSB number: M23468645
Email: support@ernorapay.com

12. Continuous Improvement

Ernora Pay reviews and develops its security controls on an ongoing basis in light of operational needs, threat developments, internal assessments, and evolving best practices.

13. Statement Review

This Security Statement is reviewed periodically and may be updated from time to time to reflect changes in our security practices, legal requirements, business operations, or the wider threat environment.