Security and Authentication

maaiiconnect empowers its users to communicate effortlessly and effectively in a unified platform by dissolving boundaries and connecting consumers globally.

As a powerful cloud-based customer service platform, maaiiconnect provides businesses with robust calling and messaging capabilities on their websites and apps, and ultimately creates better engagement between service providers and their consumers.

maaiiconnect offers a combination of voice and chat functions, allowing you and your customers to talk and chat on a single multi-channel platform. Using maaiiconnect's mobile web browser or application, your agents can continue to support your customers anywhere and at any time.

Just as important as effective communication is security, which maaiiconnect takes seriously. Protecting your data beyond the industry standard is one of our top priorities.

We have many years of experience providing satisfactory services for big and small businesses, including Fortune 500 companies.

We are proud that we have not only reached but have exceeded their requirements and expectations. This is proven by the certificates we have obtained within the telecommunications field.

Below are some features of our security system.

Infrastructure

IT infrastructure is the foundation of M800’s services. A robust IT service is dependent on robust IT infrastructure.

Our IT infrastructure consists of:

  • Capacity Planning
  • Availability Planning
  • Continuity Planning
  • Security Planning
  • Business Growth Planning

We build our IT infrastructure with careful technical planning and business planning to ensure it fulfils industry standards and business needs.

Our network equipment is located in multiple dedicated data centres. These data centres house switches, servers, and network equipment that distribute our services. M800's Data Centers are ISO 27001 and ISO 9000 compliant.

maaiiconnect also uses multiple public clouds for better service. These tier-1 data centres all meet local compliance requirements.

Firewall Compatibility

maaiiconnect uses multiple standard protocols for exchanging messages and calls. These protocols are well known to firewalls.

We use well-known ports so that firewalls and proxies do not block the traffic. Calls start over HTTPS (port 443), using SIP to exchange the source and destination numbers. As soon as a call is connected, media is exchanged over UDP ports 10000-50000 (DTLS-SRTP).

The exchange of messages is done through a WebSocket via HTTPS (port 443).

Client Security

Each of our customers owns a unique domain and service ID. After a visitor clicks on the widget button, we create a unique ID for that visitor which is tied to the same domain only. Authorisation is done only once, so your visitors are identified the next time they visit your website. The visitor's integrity, however, is checked every time they revisit your website.

Since customers' browsers can be used to hijack customer data, we implemented a high-security mechanism to mitigate this risk. A unique token that expires soon after once-off use is generated for the customer each time they visit your website. We use local storage to prevent session hijacking.
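The single-use, short-lived visitor token described above can be implemented on the server as follows. This is an added example, not maaiiconnect's code: the token layout, HMAC-SHA256 signing, the 60-second lifetime, the in-memory nonce store and all names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET = secrets.token_bytes(32)  # server-side signing key (assumed); never sent to the browser
TTL_SECONDS = 60                  # assumed lifetime; the page only says "expires soon"
_used_nonces = {}                 # nonce -> expiry; a shared store would replace this dict


def _sign(payload: bytes) -> bytes:
    return base64.urlsafe_b64encode(hmac.new(SECRET, payload, hashlib.sha256).digest())


def issue_token(service_id, domain, visitor_id, now=None):
    """Issue a token bound to one service ID, one domain and one visitor."""
    now = time.time() if now is None else now
    claims = {"sid": service_id, "dom": domain, "vid": visitor_id,
              "exp": now + TTL_SECONDS, "nonce": secrets.token_urlsafe(16)}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()


def redeem_token(token, service_id, domain, now=None):
    """Return the visitor ID if the token is valid and unused, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except ValueError:
        raise ValueError("malformed token") from None
    if not hmac.compare_digest(sig.encode(), _sign(payload)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(payload)
    if claims["sid"] != service_id or claims["dom"] != domain:
        raise ValueError("token bound to another service or domain")
    if now >= claims["exp"]:
        raise ValueError("expired")
    # Forget nonces whose tokens have expired anyway, then enforce once-off use.
    for nonce in [n for n, exp in _used_nonces.items() if exp <= now]:
        del _used_nonces[nonce]
    if claims["nonce"] in _used_nonces:
        raise ValueError("token already used")
    _used_nonces[claims["nonce"]] = claims["exp"]
    return claims["vid"]
```

Because the nonce is recorded only after the signature, binding and expiry checks pass, a token presented on the wrong domain is rejected without being consumed.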

Security capabilities:

  • Standard SSO (Single-Sign-On) authentication
  • Cross-region identification
  • Secure encryption
  • Private and public rooms – A2A (agent to agent), V2A (visitor to agent), A2V (agent to visitor)
  • Security settings for adjusting limits such as calls per minute or messages per minute (Advanced Throttling System)
  • AI-based call fraud detection and blocking
  • Free DDoS prevention system

Protected agent/admin area: The control panel area is protected by a username and password, and it limits login attempts. It accepts complex passwords only. Administrator and agent accounts are carefully created and can only be customised by an Administrator.

Room security: After visitors or agents create a new room, the following security steps are checked:

  • Check if the visitor is spam or not
  • Create an encrypted room and notify agent on a secure channel
  • Encrypt messages and calls during the conversation
  • Prevent the sending of a lot of messages for spamming purposes
  • Data encryption in transit (Using TLSv1.3 – Grade A+ from SSL Labs’ tests)
  • Data encryption at rest
  • Unique room ID with pre-defined participants

Call security: maaiiconnect uses the standards-based VoIP (Voice-Over-Internet-Protocol) to deliver high-quality calls.

Features:

  • High-quality, reliable codec (Opus), from HD down to the lowest bandwidth consumption, with other codecs supported as backup
  • AES 256-bit TLS 1.3 encryption (TLS 1.2 also supported) – Grade A+ from SSL Labs’ tests
  • Media encryption (DTLS-SRTP)
  • Data encryption at rest to protect data
  • Fraud detection and prevention
  • Using global blacklist numbers to prevent spam
  • Using unique EID for source and destination number to prevent
  • Generating a unique temporary SIP (Session Initiation Protocol) account with an AES 256-bit encryption token

Admin Controls

Administrators can assign different roles to the accounts under their control.

Some security capabilities:

  • Create an agent or admin account
  • Change account role
  • Suspend the account
  • Monitor agent and admin usage
  • Check and audit billing reports for each agent or admin

Built-in Security Features

M800 has many years of experience in successfully defending customers from thousands of hackers. maaiiconnect has security features implemented in your account. You can customise these features by contacting our support staff. These features include:

  • Login blockage after several failed attempts
  • A limit to the number of inquiries a visitor can make
  • A limit to the number of messages a visitor can send
  • Detecting fraudulent calls and rejecting them by default
  • Rejecting requests from hostile IP addresses
  • Multi-region spam detection

SIEM & SOC

SIEM tools are an important part of the data security ecosystem: they aggregate logs from multiple systems and analyse them to catch abnormal behaviour or potential cyberattacks. A key focus is to monitor and help manage user and service privileges, directory services, and other system-configuration changes, as well as providing log auditing and review and incident response.

The benefit of SIEM at M800 is that it identifies attackers or hackers who try to access our platform. We trace the hackers from their first access until we block them on different platforms.

Use cases in M800

  • Collecting logs from all devices and applications
  • Correlating logs and finding anomalous behaviour
  • Using AI to find cyberattacks
  • Forensics capabilities - Making proper decisions and reports for incident response
  • Fraud detection and prevention using AI algorithms

Why do we use SIEM at M800?

With SIEM, we can detect a cyber attack and use AI to block the bad traffic automatically. We also generate alerts to our security team, and some of them are sent to customers to make them aware of the incident.

M800’s SIEM can also be valuable to improve the efficiency of incident handling activities, both by reducing resource utilisation and allowing real-time incident responses, which also helps to limit the damage.

Security Operation Centre (SOC)

Our SOC team has high-level security skills for accessing different security systems like SIEM to prevent identity theft and block incidents.

At M800 we have a dedicated 24/7 SOC team whose members hold various security certifications (CEH, CISSP, OSCP, and SANS).

Our security team is separated into different tiers. The first one monitors the graphs and alarms. In cases of security alerts, they analyse and send reports to the next tier for investigation and proper action. The action can be to block the hacker or to do a forensic process and incident handling.

Privacy & Compliance

Protecting our customers' privacy is a priority at M800 and we are committed to maintaining strong and compliant privacy protections in line with the provisions of the Hong Kong Personal Data (Privacy) Ordinance (CAP 486) and the General Data Protection Regulation (EU) 2016/679. Ensuring the privacy of your information is an important responsibility and we thank you for the trust you place in us.

M800 Group privacy policy is entirely transparent, and we are committed to the protection of personal information and guarantee that personal information is only used for the purposes agreed to by our customers.

M800 guarantees to use the best technologies and methods to protect customers' data.

M800 Compliance

ISO 27001

ISO 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).

An ISMS is a systematic approach to managing sensitive customer information so that it remains secure. It includes people, processes, and IT systems by applying a risk management process.

M800 is certified for:

  • Clear security policy
  • Secure documents and communications
  • Information security incident management
  • Business continuity management (This is the process involved in creating a system of prevention and recovery from potential threats to a company)
  • Access control
  • Secure asset management
  • Secure development and maintenance process

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that M800 maintains a secure environment when it accepts, processes, stores, or transmits credit card information.

M800 is certified for:

  • Build and Maintain a Secure Network and Systems
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

GDPR

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world.
The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

M800 guarantees to:

  • Keep personal data in a safe place and a proper location, as required by GDPR
  • Collect the minimum data needed to improve products
  • Maintain a clear and simplified policy
  • Respond to customers' requests to delete or edit their personal data
  • Notify customers in case of a data breach

Other Security Features

Training

We hold security awareness training each year and send a monthly security newsletter to our employees. Developers have passed several security training courses to make sure their code is secure by default.

Security Pentest

maaiiconnect has been tested several times by security companies and hackers. This helps us make sure our application is secure and that we have covered the latest OWASP risks.
One of the companies is InfoOcean: https://www.infocean.com.

Every day, we perform vulnerability scans on our PoP sites to make sure new deployments or libraries are secure and not susceptible to exploits or attacks.

We have a bug bounty program for hackers. If you find a security bug, you can contact us at [email protected] so that we can analyse the bug and you can receive your bonus.

Policies

We have multiple policies for our employees. Sensitive database credentials are only provided to trusted employees.

Our built-in policy and password manager generates temporary credentials for them after manager approval. The account then ceases to work after an hour.

Employee contracts include a confidentiality agreement section.

Updated about a month ago

