The safety of your payment card information as well as the payment card information of your customers is paramount. That's why we work with one of the Internet's biggest payment card processors, Stripe, to ensure that you and your customers are protected.
Encryption during transmission
We have built our service to be in compliance with PCI-DSS standards. One of these standards dictates that information that is sent to and from our servers is encrypted. You'll notice that on your website as well as ours, within the address bar, there is a lock icon.
This icon indicates that the site is protected by an SSL certificate, which is what encrypts all communication to and from the server that this website and your website run on.
Encryption during storage
Critical payment card information includes the full payment card number, CVV number, name, and expiration date. At no point does our server store all of these details. At the most, we store the last 4 digits of the card number, the card type, and the expiration date. These details are stored for card identification purposes and the storage of this limited information does not pose a security risk as these details aren't enough to charge the card at another vendor.
Stripe stores critical payment card information on its servers, but stores it in an encrypted format. This means that even if someone did gain access to their servers, they would not be able to use the data. More information on Stripe's security can be found here:
"If your service doesn't store payment card information, how can I charge a customer's card with the click of a button?"
Over the years, software engineers in the payment card industry have devised a clever way of giving merchants the ability to charge a payment card without needing them to store all details of the payment card. This is achieved through the use of tokens. The process for how a token is established and used is explained below.
For the purposes of this example, we'll assume that you run lindascleaning123.com.
Step 1. User visits lindascleaning123.com and completes the booking form. They complete the booking by paying with a payment card.
Step 2. The payment card details are sent, in encrypted format, to Stripe.
Step 3. Stripe evaluates the payment card and allows the charge to go through. As a result of this, it sends a response back to lindascleaning123.com that includes:
- an indication that the charge was successful and,
- a token that represents the payment card that was used. This token is simply a long string of characters that represents the payment card. An example of what a token might look like is as follows:
src_1IASDV5F9JFJ1KZC68VI4
Step 4. Our server stores this token under your account.
In the future, when you charge an amount to this customer from within our platform, rather than sending payment card details to Stripe, our servers send:
- the token that represents this customer's payment card
- the amount to be charged
- your Stripe keys that you previously entered into your settings on our platform
When Stripe receives this information, it confirms that this token belongs to your account and allows the payment card to be charged. In the event that someone gained unauthorized access to a token and tried to charge it using their own Stripe account, the transaction would fail. This is because the token is not associated with their Stripe account.
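The account check described above, as a toy model in Python. This is an added example, not code from this platform or from Stripe; the class, the method names, and the key and token formats are assumptions and do not reflect Stripe's API, and the card data is constructed test data.

```python
import secrets

class ToyProcessor:
    """Stand-in for the card processor: the only party holding full card data."""
    def __init__(self):
        self._keys = {}   # secret key -> account id
        self._vault = {}  # token -> (owning account id, full card details)

    def register_account(self, account_id):
        key = "key_" + secrets.token_hex(16)
        self._keys[key] = account_id
        return key

    def first_charge(self, api_key, card, amount_cents):
        """Steps 2-3: charge the card, return a token bound to the caller's account."""
        account = self._keys[api_key]
        token = "tok_" + secrets.token_hex(12)  # random, not derived from the card
        self._vault[token] = (account, card)
        return {"paid": True, "token": token, "card_type": card["card_type"],
                "last4": card["number"][-4:], "exp": card["exp"]}

    def charge_token(self, api_key, token, amount_cents):
        """Later charges: succeed only if the token belongs to the key's account."""
        account = self._keys.get(api_key)
        entry = self._vault.get(token)
        if account is None or entry is None or entry[0] != account:
            return {"paid": False, "reason": "token not valid for this account"}
        return {"paid": True, "amount_cents": amount_cents}

def demo():
    processor = ToyProcessor()
    linda_key = processor.register_account("lindascleaning123")
    other_key = processor.register_account("someone-else")
    card = {"number": "4242424242424242", "cvv": "123", "exp": "12/30",
            "name": "Test Customer", "card_type": "visa"}  # constructed test card
    first = processor.first_charge(linda_key, card, 12000)
    # Step 4: the platform keeps the token plus identification fields only.
    record = {k: first[k] for k in ("token", "card_type", "last4", "exp")}
    repeat = processor.charge_token(linda_key, record["token"], 8000)
    # Same token presented with a different account's key is refused.
    stolen = processor.charge_token(other_key, record["token"], 8000)
    return record, repeat, stolen

if __name__ == "__main__":
    for result in demo():
        print(result)
```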
What does this mean in terms of the security of your payment card information as well as the payment card information of your customers? It means that in the extremely unlikely event that our servers were breached, the malicious actors would only have access to Stripe tokens, which they would not be able to do anything with.
If you have questions regarding the security that our platform uses to keep your information and your customers' information safe, please reach out to us via our Contact page.