Payout provides security and compliance without the hassle.
Payout has been audited by a PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. We ensure that your customers' cardholder data is stored, processed and transmitted securely according to PCI Data Security Standards.
As long as you don't store or transmit cardholder data on your own servers, your PCI requirements will be greatly reduced. This allows you to focus on creating the best experience for your customers and stop worrying about compliance.
See our PCI Compliance page for more details.
All card data stored by Payout is encrypted with AES-256 before it ever touches a disk. We use strong, cryptographically secure keys which are rotated regularly. Accessing encryption keys triggers multiple alerts which notify key security personnel to investigate the event.
All passwords and API secrets are one-way hashed using bcrypt with a work factor of 10. API secrets are generated using cryptographically secure random number generators and represent over 128 bits of entropy. This prevents your customers' card data from being used without your permission.
Commitment to Security
Payout is committed to maintaining secure systems and applications. All software and configuration changes go through a rigorous multi-level review process. This ensures that your data is secure not only today but tomorrow as well.
Payout operates a highly segmented network and application architecture, which minimizes where card data is accessible. The majority of our backend systems are not capable of either accessing or decrypting card data. This minimizes our attack surface and ensures your customers' card data doesn't end up in the wrong hands.
Payout's infrastructure is hosted within Amazon Web Services, which operates PCI Level 1 compliant data centers. This ensures that your data is not only electronically secure but also physically secure from attackers.