Security of Your Personal Information
PaySimple takes security very seriously. Our platform uses the most powerful security tools that exist in the marketplace and all sensitive information, including bank account and credit card information, is stored encrypted.
The PaySimple website and all PaySimple Solution modules, including hosted webforms, use a 256-bit DigiCert certificate, but accommodate the majority of browsers at 128-bit encryption.
Processing is performed by SSL (Secured Socket Layer) and compliant with PCI DSS - Payment Card Industry Data Security Standards.
PCI DSS Certified
Payment Card Industry Data Security Standard (PCI DSS) has become one of the most important advances in the credit card industry and online security, and is now required by Visa/MasterCard for all merchants handling credit cards. Not following these rules can result in fines to the merchant and processing privileges being suspended. Coalfire Systems, a VISA Qualified Security Assessor, has independently audited PaySimple and certified that PaySimple is PCI DSS compliant.
The PaySimple Solution is designed to provide a secure and easy solution that strictly follows these rules, without inhibiting business processes:
All credit card data is stored encrypted, and cannot be decrypted-except during the process of transmitting a transaction. This means that if transactions are entered directly into the system, or if card numbers are saved in the system for future one-time or recurring transactions, the merchant is, by definition, operating under PCI compliant standards, because PaySimple itself has been certified.
The PaySimple Solution never stores CVV2 data. Merchants have the opportunity, though, to enter it for one-time transactions to enhance security and the probability the transaction will be approved.
The PaySimple Solution never stores swiped track data for any reason.
Service Organization Controls (SOC)
Service Organization Controls (SOC) reports are designed to help service organizations, organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant. PaySimple obtains an annual Type 2-SOC2 report, which is a report on controls placed in operation at a service organization relevant to security, availability, processing integrity and confidentiality, and tests of their operating effectiveness.
"Intelligent" Intrusion Detection
Powered by Trustwave's TrustedSentry, PaySimple has an Intrusion Detection Service (IDS) with the latest defenses against stealthy, malicious and suspicious network activity. TrustedSentry's "intelligent" IDS service alerts you of any attempt to access your network by unauthorized third parties. Trustwave Systems monitors the PaySimple Solution 24x7x365.