Security

Safety, Security, and Fraud Protection Every Step of the Way

Safety, Security, and Fraud Protection

USAePay ensures this with every transaction.

USAePay takes pride in our high level security, making it our number one priority to make sure your transactions are processed securely. We use the following security measures to ensure your security:

Third-Party Security Scanners/ Assessors

USAePay uses multiple third-party security companies to ensure that our security is always meeting the strictest of industry security standards. Every security assessor working with USAePay provides a seal for our clients to view our certification for meeting security standards.

Transport Layer Security (TLS)

All of USAePay’s communications and processing occur through Transport Layer Security (TLS). TLS ensures privacy between communicating applications and their users on the Internet. To ensure the highest level of security, USAePay uses a 2048-bit RSA key and does not support cyphers known to be weak or vulnerable.

Level 1 PCI Compliant

As one of the first payment gateways to become Level-1 PCI compliant, USAePay is committed in ensuring that all processed, stored or transmitted credit card information maintain a completely secure environment. USAePay updates our PCI guidelines based on updates of regulations and requirements through our annual Level-1 audit.

This audit includes scanning our system thoroughly and submitting a complete Report of Compliance (RoC) to the PCI Security Standards Council. To request our Attestation of Compliance (AoC) report, banks and resellers can email us at resellers@USAePay.com

Identification through Secure Source Keys

Each Merchant toolkit communicates with the gateway using a unique high-bit encrypted string called a Key. When information is sent to the gateway, the Key identifies not only the merchant, but also the specific toolkit from which the information originated. It also provides the opportunity for merchants to use separate Keys for each individual toolkit. Merchants can also revoke a Key if they notice that it is being misused.

Fraud Prevention

The USAePay Fraud Stopper is built on a Module Stack Design. Each module controls a different aspect of security and merchants can choose which modules to include in the fraud control stack.

Some examples of modules include: duplicate transaction control, block by country, block by IP address, and many more. The Module Stack Design provides the opportunity for merchants to add or change their fraud modules depending on their unique security needs. USAePay is always adding new fraud modules to the Fraud Stopper to keep our merchants up to date with the latest fraud security.

Fraud Stopper also allows merchants to apply different fraud settings to different Keys or Sources. For example, a merchant may wish to implement a high level of fraud control for an online shopping cart, but a lower level on the console for their own employees.

Storing Credit Cards the Secure Way

USAePay realizes that the theft of lists or databases in which credit card information is stored can have dire consequences for merchants and their customers. With this in mind, USAePay has developed a revolutionary new way of storing credit card information.

In the USAePay system, each credit card number is stored individually, making it impossible to steal an entire list or database full of sensitive data. Credit card numbers can only be viewed on an individual basis by unlocking or decrypting each one. If a card number is needed, the requested number is decrypted and unparsed from the system, a process that takes only a few seconds.

USAePay’s non-database system provides the highest possible level of security for credit card data storage.