ChargeDesk uses advanced, strong encryption wherever possible. As we deal with your payment information, we consider it vital that we use the latest, most advanced security techniques at all times.
"If it can’t be done securely, we won’t do it.
We've invested heavily into our security systems. If it can’t be done securely, we won’t do it. Below you can find some of the key points in our security policy so you can better understand how we keep your data safe.
All communication with our site is performed through a secure connection. We do not provide any non-SSL endpoints. This ensures that all data you send to us and receive from us can not be intercepted by a third party during transmission. We support the most modern ciphers and important recent innovations such as Forward Secrecy and Strict Transport Security. Data encryption is applied wherever possible which means that even in transit between our servers, your data is kept encrypted. You can find a real-time rating for our current level of SSL support on ChargeDesk at Qualys SSL Labs.
Once you transmit data to us, it's also highly important that we keep that data secure. While we do not store complete credit card data on our servers, we do store related information such as payment gateway keys. In order to maintain security on our stored data we follow a number of best practices including strongly encrypting all critical keys and passwords. We use only up-to-date software with the latest security patches.
We use a third party enterprise-class web application firewall to restrict access to our services. We have internally developed a highly advanced Reputation Management System. This system protects all customer data access points and automatically blocks any threats it identifies. Our Reputation Management System uses risk profiles sourced from both third-party vendors and data models based on activity performed on ChargeDesk. It includes multiple layers and identifies many different types of threats, from SQL injections to password guessing to access key enumeration. We use a ‘block first, ask questions later’ approach and all subsequent requests by a potential threat will also be blocked - only a manual review by our support team will lift a block.
We support 2 factor authentication which you can enable on any account. This ensures that you are not just relying on a password for securing access to your account. You can enable this from the edit account page.
We perform regular third party vulnerability scans and service integrity checks. All our servers are firewalled and kept updated with the latest security patches. We limit vectors of attack by restricting access to critical components of our service wherever possible. All security keys and passwords stored by our application on your behalf are kept encrypted at rest.
Please contact us if you have any further questions about our security.