Security


What is Checkbook?

Checkbook is a secure payment solution that is changing digital transactions, providing consumers with an easier and more secure way to make mobile and online purchases. Instead of using easily compromised Credit/Debit Card data, consumers can pay safely online with Digital Checks wherever Checkbook’s payment systems are accepted.

How secure is Checkbook?

Data security is top priority at Checkbook. Our infrastructure was built from the ground up with stringent security checks. Our system architecture combines data encryption with tokenization to keep data secure at all times throughout the transaction process, providing a secure buyer experience while minimizing risk and reducing compliance costs for your business. Our founders helped define Security Standards at Visa and brought this knowledge to the development of Checkbook’s security standards.

How does Checkbook securely store customer data?

Checkbook stores all production data in a physically secure PCI DSS (Payment Card Industry Data Security Standard) Compliant off-site data center. In addition, all access to Checkbook’s servers is through encrypted network channels. Finally, Checkbook has strict policies for access control that limit who can access data and when.

How is the movement of data controlled between Checkbook and the merchant’s website?

Communication between the merchant’s portal and Checkbook occurs via secure protocols, i.e. over SSL. All movement of data between the merchant site and Checkbook is encrypted and transmitted over SSL. Checkbook uses API keys for each merchant, thereby reducing any possibility of tampering. The merchant’s API key is secured by the merchant.

What is the end user’s liability if Checkbook’s datastore is compromised?

The end user bears no financial liability; however, non-financial personal data such as name, phone, address, etc. may be available. The probability of a breach is extremely low given the multiple steps Checkbook takes to protect data: 1. All data is stored on servers in a certified data center. 2. All data is encrypted during transit. 3. A limited number of individuals have access rights to the data.

How can Checkbook verify my Bank information without storing it?

Checkbook POSTs your bank login credentials directly to your bank using certified and audited APIs from bank vetted institutions. At no time are your login credentials stored anywhere in Checkbook’s servers. Your Routing Number and Account Number are the only financial information that is stored on Checkbook’s servers

What additional steps does Checkbook take to mitigate fraud?

Checkbook has fraud detection at every level of a transaction designed to protect both merchants and consumers. Limits and velocity checks are standard for each transaction at the user level and at the time level. In addition, Checkbook employs pattern checks for additional fraud control. All applications and modules developed by Checkbook follow secure coding guidelines, including those recommended by OWASP.

External Audits

SOC 1/SOC 2/SSAE 16

alt text