About Us Contact Us Customer Service

Please choose a country specific site.

    Change Language

Technology

Rex2

The REX Core Platform is a system providing various functions relating to creating and managing the accounts of bux.com clients and partners. Unlike other paper and manual payment processes, bux.com has been able to develop a platform that delivers instantaneous transfers from mobile phone and Internet locations worldwide.

The REX Core Platform has well-defined interfaces available to authenticated web services which accommodate or plug-in any type of banking interface and affiliated connections.

Our company is open to improvements in our web-service interfaces to partners to offer richer services to our card holders.

Security
For us, the integrity of our card holders' money and confidentiality of their personal information is of the highest importance. Our company is constantly improving the technology and processes behind the scenes as a commitment to this goal.

Conforming with industry best practices, bux.com is preparing to be assessed to the PCIDSS (Payment Card Industry - Data Security Standard) and has completed a large portion of the preparation.

The security of our card holder information is guided by a number of principles:

  • we don’t store unnecessary information;
  • stored information has layered access control to protect sensitive data;
  • information is not retained longer than necessary;
    • information is erased using industry and government best practice for sensitive information.

Our standard for protecting information is:

  • PINs and passwords are stored using salted hashes - 64 (or more) bits of salt and sha1 (or stronger) hash;
  • Sensitive information is RSA (2048 or greater bit) encrypted with decryption keys on a different server under an appropriate key management plan;
  • Database access control and stored functions procedures limit access to sensitive operations.

Web application security

Our assessment methodology is based on OWASP AVAS and we are currently reassessing our entire codebase. We are in the process of investigating the following HTTP extensions to work with web browsers to protect our cardholders. These include:
  • HTTP Strict Transport Security (HSTS) - protecting users from HTTP MITM attacks
  • X-XSS-Protection HTTP header to assist in XSS protection
  • X-Frame-Options HTTP header to mitigate click jacking

For all transport of our cardholder information over the Internet we use HTTPS.

The use of our API by partners requires a client certificate.

Help

Mobile

Get Started

Investors

Features

Partners

© 2011 bux.com Pty Ltd. ACN 117 914 851 All Rights Reserved. About Us | Contact Us | Terms Of Service