Our secure payment
No matter what payment method you preffer we process your payment through a %100 secure SSL connection. We don’t store your card details, AT ALL. Security is one of the biggest considerations in everything we do. If you have any questions, or encounter any issues, please contact us at firstname.lastname@example.org.
Our payment processing gateway has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
SSL and HSTS
Our Payment Processor forces HTTPS for all services Our Payment Processor regularly audits the details of their implementation: the certificates they serve, the certificate authorities they use, and the ciphers they support. They use HSTS to ensure browsers interact with them only over HTTPS. They are also on the HSTS preloaded lists for both Chrome and Firefox.
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of our Payment Processor’s internal servers and daemons are able to obtain plain text card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Their infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with their primary services (API, website, etc.).
What is SSL?
On the web, SSL tries to do two things: Encrypt and verify the integrity of traffic between the browser and the server. Verify that the browser is talking to the correct server. In practice, this usually means verifying that the owner of the domain and the owner of the server are the same entity. This helps prevent man-in-the-middle attacks. Without it there’s no guarantee that you’re encrypting traffic to the right recipient.
Our Payment Processor use SSL in the API