Fundraising Platform Security
While we do a lot of things differently at @Pay, we don’t break the rules.
We’re big believers in following industry best practice security standards.
Email Fraud Prevention
@Pay performs fraud analysis on every transaction that moves through our system, using industry standard and proprietary algorithms to verify the customer identity, the origin of the request, and the validity of the transaction.
@Pay monitors incoming email characteristics for “red flags” and requests additional confirmation where we are unable to verify a transaction’s source.
Credit Cards are stored in a PCI-compliant vault
All credit card information is handled under strict PCI compliance. Customers’ full payment information is stored in an independent secure 3rd party vault, not on @Pay’s servers.
Tokenization and Information stored by @Pay
@Pay creates a token representing each transaction. The consumer’s email address is the bridge between the @Pay token and the payment token issued by the payment vault. No credit card data is contained within an @Pay email, so the customer is always protected.
All sensitive data transmitted through secure connection
@Pay only uses Secure HTTP connections for all services we provide. All data is encrypted with industry-standard SSL certificates when in transit over public networks. Customer data and other sensitive information are stored in a secure database on a network with no public internet access.
@Pay servers are protected by firewalls and security rules to limit access. All server transactions are logged and audited by automatic processes. @Pay utilizes Host-based Intrusion Detection systems to alert us to unusual activity.
@Pay’s servers are located in world-class, highly secure data centers with electronic surveillance and multi-factor access control systems. Data centers are staffed 24/7 by trained security guards, and access is strictly controlled.
Text Message Dual Factor Authentication
@Pay provides a unique Dual Factor Authentication in our text payment solution that utilizes both SMS and email. SMS spoofing can create issues not only for the consumer but also for an organization’s merchant account. Without a secondary form of identification, it is very difficult to verify the authenticity of transactions done over SMS.
When an @Pay consumer texts to donate or pay a bill from an @Pay-registered phone number, @Pay will send back a text message with a MAILTO link, which automatically generates the payment email. When the consumer sends the email, @Pay processes the payment. In other words, the payment is initiated through SMS and then seamlessly confirmed through SMTP.