PayHub is proudly headquartered in North Texas which this past holiday weekend saw record breaking rainfall. Coincidentally, when asked how we protect our clients from data and security breaches, our CTO, Andres Ordonez, described our security structure like an umbrella.
Many businesses don’t tend to look at it this way but hackers, breaches, and security issues are very much like a severe storm. The skies can be clear for weeks, months or even years, then out of nowhere a squall blows in and it’s up to the business owner, to grab the umbrella.
An umbrella, like a data security system, has two major components: the handle and the canopy. The handle is the part of the system that the user, i.e. the business owner, is responsible for hanging onto. Unless credit cards are being swiped and the swiper has end-to-end encryption there is a risk from the time the card is entered to the time it gets to PayHub. No need to panic, though. For a business owner it’s pretty simple; complete your annual PCI questionnaire, hire a trusted third-party compliance company to perform quarterly vulnerability and penetration tests, and utilize a trusted anti-virus software provider.
As for the rest of your security system, PayHub has created a three-panel canopy to make sure you are well covered.
1. The first panel is Secure Socket Layer (SSL). Verifying SSL is as simple as looking for the https:// in your URL. That “s” verifies that a secure encrypted link has been established between your site and our server.
2. The second panel is OAuth 2.0, a method for integrated solutions to communicate with our servers without touching sensitive data.
3. The last panel is tokenization. Simply put, this means that rather than storing card data, an integrator stores a random sequence of digits or a “token” to reference when a request is made. Tokenization allows us to provide features like recurring billing and zero authorization to our integrators without asking them to become experts in storing cardholder data.
PayHub is in the business of protecting credit card information. It is a job we take very seriously. Just as you wouldn’t leave home without protection from the rain during a downpour, you shouldn’t leave your business or your customers vulnerable to the deluge of security threats that attack them regularly.