Recurly uses a multi-layered approach to secure your customer's data, from storage and transit to user permissions.
Data Storage & Encryption
Recurly tokenizes and stores credit card data in a segmented, encrypted network with no public internet access. New encryption keys are generated daily, and existing keys are rotated regularly to maintain a high level of security. You can find more information about our security on our site.
Data in Transit
When sensitive information is in transit over public networks, it is encrypted using SSL connections with TLS v1.2 or above to ensure it remains protected. We also share more details about our PCI compliance in our documentation.
User Permissions
Recurly's user roles and permissions are designed to provide granular access to your staff accounts. Please note that at any permission level (including read-only), your staff will be able to view your customers' physical and email addresses. Our user management documentation provides more details on this.
Final Compliance
Ultimately, you will need to consult with a Qualified Security Assessor (QSA) to ensure you are following all security guidelines. If you do not currently have a QSA, you can find a list of PCI-approved QSAs at the PCI Security Standards Council website.
Comments
0 comments
Please sign in to leave a comment.