How secure is Safepay?
Safepay is a PCI-certified, auditor-certified service provider. We strive to obtain the highest certifications possible whenever required to ensure the security and stability of our systems, giving our partners and their customers the peace of mind they need when making purchases online. All connections to our services are forced to happen over HTTPS using TLS 1.2 (SSL). We use HSTS to ensure browsers interact with Safepay only over HTTPS.
Card Information
Card details are encrypted using AES-256-GCM, while the decryption keys are stored on a separate machine. As such, cards are not stored anywhere on our servers or in our databases. They are only used as passthrough values when forwarding them to our partner service providers. They are never decrypted on disk or stored as plain numbers. The only action our systems can take is to request that card details be sent to a service provider.
Fraud Prevention
Safepay has developed an internal decision support system that uses intelligent rules to determine the risk factor of a transaction or customer and blocks the payment if it does not pass the necessary checks. This decision is based on a combination of multiple factors such as geolocation, IP addresses, purchase and behavior history, and so on.
Safepay also relies on battle-tested software provided to us by Cybersource, in the form of a Decision Manager and a device fingerprinting tool, which adds another layer of security to transaction processing. We're constantly at work developing processes for identifying fraud patterns to improve our Fraud Prevention System.
Check out these resources to learn more:
1. Payment Card Industry (PCI) Executive Report
2. Payment Card Industry (PCI) Technical Report
3. Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers
4. Attestation of Compliance for Self-Assessment Questionnaire D – Service Providers