We will refer to the customer's credit or debit card simply as "card".
When a customer makes a payment using their card, we do store the provided details in our billing system database. This information is stored to automate invoice payments, domain renewals and other billing-related services to make it more convenient for our customers.
The following information is stored when a customer pays with their card…
- The full card number
- The last 4 numbers of the card
- The expiration date and/or the issue date
The CVV or security code is never stored on our systems and is passed to our payment processor when provided. All of the above information is stored in a 256-bit AES encrypted data blob and seeded with a passphrase that is 32-random-characters in length. The passphrase is only known and accessible by 2 employees within our company. Even if the encrypted data blob is retrieved, it cannot be decrypted without the passphrase.
The database system that store all user information, services details, invoices, support tickets etc. is not publicly accessible, do not run locally alongside the billing system web server and are secured with very strong randomly generated passwords that are changed every 180 days.
Our billing software is updated as soon as possible when a new release is available to maintain high levels of security. We also have in-house developed scripts and software that monitor requests and traffic for intrusion attempts, SQL exploits, injections, fake or fraudulent signups and more. We also exceed PCI requirements which are designed to ensure that your credit card information is secure and that our network and servers meet the PCI counsel requirements for storing and processing cards.
While no system is 100% secure, we do our best to make sure that our system is as secure as possible. We monitor for new threats, new exploits, and fraudulent activity to make sure we stay on top of our security.