All systems and processes of SwipeSimple and CardFlight are designed to comply with the Payment Card Industry (PCI) Data Security Standards.
SwipeSimple forces HTTPS for all services, including our public website. We use the highest level of SSL encryption possible, using 256-bit Extended Validation to ensure that all communications are secure. We perform regular audits of the certificates we serve, the certificate authorities we use, and the ciphers we support. In addition to using HTTPS, we strictly use HSTS to ensure browsers interact with SwipeSimple only over HTTPS and never over a non-secure connection.
SwipeSimple supports encryption through all steps of a transaction. Card data is encrypted from the reader to our servers to our supported payment processors. All card data is encrypted using the highest level of TDES data encryption using DUKPT key management, guided by PCI-DSS requirements. Each SwipeSimple reader is assigned a unique serial number for tracking purposes.
Our infrastructure for decrypting and transmitting card numbers runs on a separate server and doesn’t share any credentials with SwipeSimple’s primary services (API, website, etc.). Physical access to our servers is monitored by security personnel 24 hours a day and requires multiple levels of authentication, including biometric procedures.
Card data is fully encrypted from the SwipeSimple reader to our backend server, and cannot be read or decrypted by you, reducing your PCI Compliance requirements.