Many customers have asked how their credit card details are handled and stored. With all the recent exploits and security breaches in 2014 / 2015, we feel we should let our customers in on our operations and security.
When a customer makes a payment using their credit card, we do store the provided credit card details in our database systems. This information is stored to automate invoice payments, domain renewals and other billing related services to make it easier for our customers.
The following information is stored when a customer pays with their credit card:
- The full credit card number
- The last 4 numbers of the card
- The expiration date / issue date
The CVV or security code is never stored on our systems. All of the above information is stored in a 128-bit AES encrypted data blob and seeded with a passphrase that is 32 random characters in length. The passphrase is only known to / accessible by 2 employees within our company. Even if the encrypted data blob is retrieved, it cannot be decrypted without the passphrase.
The database systems that our billing system operates out of, which store all user information, service details, invoices, etc., are not publicly accessible, do not run locally alongside the web server, and are secured with very strong randomly generated passwords. Access to the database systems is secured through VPN access only.
Our billing software is updated immediately when a new release is available to maintain high levels of security. We also have in-house developed scripts and software that monitor requests and traffic for intrusion attempts, SQL exploits / injections, fake / fraudulent signups and more. We also exceed PCI requirements, which are designed to ensure that your credit card information is secure. You can view our PCI compliance here: https://www.securitymetrics.com/sm/public/reports/?e=roma@aspnix.com&k=61900d43ac5ac4fe3b38.
While no system is 100% secure, we do our best to make sure that our system is as secure as possible. We monitor for new threats, new exploits, and fraudulent activity to make sure we stay on top of our security.
If you have any questions, concerns or comments, please do not hesitate to contact us!
You guys are doing an amazing job lately! Really! Keep it up Chris! Love to see posts like this, many other companies like to hide such information or play it down, love it! Keep it going!!