How secure is Safepay?
Safepay is a PCI-certified, auditor certified, service provider. We strive to get the highest certifications possible whenever required to ensure the security and stability of our systems in order to give our partners and their customers the peace of mind they need when making purchases online. All connections to our services are forced to happen over HTTPS using TLS 1.2 (SSL). We use HSTS to ensure browsers interact with Safepay only over HTTPS.
Card details are encrypted using AES-256 GCM while the decryption keys are stored on a separate machine. As such, cards are not stored anywhere on our servers or our databases. They are only used as passthrough values when forwarding them to our partner service providers. They are never decrypted on disk or stored as plain numbers. The only actions our systems can take is to request that card details be sent to a service provider.
Safepay has developed an internal decision support system that uses intelligent rules to determine the risk factor of a transaction or customer and blocking payment from being made if it does not pass the necessary checks. This decision is based on a combination of multiple factors such as geolocation, IP addresses, purchase and behaviour history, and so on.
Additionally Safepay relies on battle tested software provided to us by Cybersource in the form of a Decision Manager and device fingerprinting tool that adds an additional layer of security to transaction processing. We're constantly at work developing processes for identifying fraud patterns to improve our Fraud Prevention System.