Please confirm if you are currently following any of these standards: PCI, SOC II, WCAG, ISO
Rare Goods uses Circle as our payment processing provider, and Circle is compliant with PCI. No credit card information is saved on the platform, and card information is encrypted before being sent to Circle. Rare Goods uses MongoDB Atlas, a SOC II compliant multi-cloud database service. We have worked with Nebraska University t
Has a security audit been performed? If yes, what was the scope of the audit? Is an Executive Summary of the audit report available for review?
Yes. Each of our third-party vendors (Circle for transactions, Trulioo for KYC and fraud, legal counsel for bonding, Auth0 for user management, fraud, and malicious attack) and our internal development staff regularly perform extensive security and stress testing. An executive summary report has not been co
Do you monitor for “double spend” attacks within your platform?
All payments on the Rare Goods platform are made exclusively by credit card (via Circle); therefore, “double spend” attacks are impossible (as the payment gateway protects against this).
Do you monitor for wallet hijacks in your ecosystem?
Yes. Security is closely monitored for external threats, and internal team management and custody are also monitored and limited. Currently, the only crypto wallets used on the platform are managed by Rare Goods and are secured using AWS KMS on the backend side. End users have limited ability to connec
Do you monitor for authentication attacks?
Rare Goods uses Auth0, which supports the principle of layered protection in security and uses a variety of signals to deter, detect, monitor, delay, and mitigate attacks against the platform and its users. Auth0 allows us to enable the following attack protection options from their dashboard: Bot Detecti
Do you monitor for unauthorized distribution or fraudulent activity associated with your blockchain/ledger, service, digital assets, or brand presence?
Rare Goods manually monitors for any unauthorized or fraudulent activity associated with the brand and its related assets occurring outside of the platform. The platform is a closed ecosystem requiring admin approval to add additional assets, and end-user actions are limited. We have a KYC and AML provider (
Does the platform have any type of forensic recovery in place to identify abuse?
We have a KYC and AML provider (Trulioo), which provides visibility and flagging of any potentially abusive behavior on the platform in addition to an admin panel with further usage insights and reports. User actions on the platform are logged and backed up and can be exposed for further ingestion. The impl
How are assets secured from copying? Unauthorized distribution?
NFTs are stored on a public blockchain, so they could be viewed and “copied”, but not replicated. The Rare Goods platform is a closed ecosystem, so unauthorized assets would not be able to enter the platform without admin approval. Rare Goods also deploys an NFT contract with a designated collec
Do you have a native viewer? If yes, please describe the features/capabilities of the viewer.
Currently, users can view their NFTs on the platform via their NFT details pages. On these pages users can view an NFT’s details including: the NFT’s media content, including images, video or audio (users can pause and mute video/audio); the NFT’s title; the NFT’s description; the NFT’s edition
How are you combatting fraud? What plan is in place for abuse?
We currently have Trulioo as our KYC & AML provider. Each user must complete our KYC process when crossing specific thresholds on the platform, depending on the amount transacted and their actions. Additionally, the admin can review all users who failed KYC and has the ability (and holds the legal righ