PaySimple takes security very seriously. Our platform uses the most powerful security tools that exist in the marketplace and all sensitive information, including bank account and credit card information, is stored encrypted.
The PaySimple website and all PaySimple Solution modules, including hosted webforms, use a 256-bit DigiCert certificate, but accommodate the majority of browsers at 128-bit encryption.
Processing is performed by SSL (Secured Socket Layer) and compliant with PCI DSS - Payment Card Industry Data Security Standards.
PCI DSS Certified
Payment Card Industry Data Security Standard (PCI DSS) has become one of the most important advances in the credit card industry and online security, and is now required by Visa/MasterCard for all merchants handling credit cards. Not following these rules can result in fines to the merchant and processing privileges being suspended. Coalfire Systems, a VISA Qualified Security Assessor, has independently audited PaySimple and certified that PaySimple is PCI DSS compliant.
Payment software or services utilized by merchants must be certified compliant in order for the merchant to be PCI Compliant. And using a PCI Compliant service provider for vaulting cards and payment processing greatly reduces a merchant’s PCI burden. As a certified Level 1 PCI Service Provider, PaySimple strictly follows the PCI DSS rules, without inhibiting business processes.
PaySimple encrypts all stored credit card data, and it cannot be decrypted except during the process of transmitting a transaction.
PaySimple never stores CVV2 data, however it can be submitted with one-time authorization requests to enhance security and the probability a transaction will be approved.
PaySimple never stores swiped track data for any reason.
Service Organization Controls (SOC)
Service Organization Controls (SOC) reports are designed to help service organizations, organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant. PaySimple obtains an annual Type 2-SOC2 report, which is a report on controls placed in operation at a service organization relevant to security, availability, processing integrity and confidentiality, and tests of their operating effectiveness.