Payment Security Center


Security as a Service for Your Business

BillingTree's commitment to security remains at the highest level. The latest security tools ensure that merchants feel secure. We would like to highlight some of those key features.

Secure Socket Layers (SSL)
This security arrangement sits just below such protocols as HTTP and uses the lower-level TCP/IP to allow SSL-enabled PCs and servers to authenticate to each other. SSL creates a single-session key exchange, using public and private key data encryption (usually 128-bit) from RSA Data Security for enciphering and deciphering encrypted SSL transmissions.

  • We offer the finest in currently available server-level protection behind a dedicated firewall and, when applicable, a Virtual Private Network (VPN). The security at the server level is customized according to your needs.
  • Multiple layers of application-level control prevent intrusion.
  • We offer the highest levels of file (and messaging) security protection available and it is superior to any secure FTP server.
  • An ACH SecureFile product does not write unencrypted data to a disk, regardless of whether businesses or their customers are communicating ACH-file data or confidential, sensitive messages.
  • An ACH SecureFile's built-in secure data-storage system uses the 256-bit AES encryption certified by the United States and Canadian governments for their vendors.


SSL 1024-bit Data Encryption
All of BillingTree's communications and processing occur through Secure Socket Layers (SSL). To ensure a higher level of security, we use 1024-bit SSL encryption with every transaction. Any toolkits linked for use with the BillingTree gateway are also tested to be certain that security is established properly. With the proper security-layers setup between toolkits and the gateway, we ensure that no information can be stolen and all information is securely transacted.

Identification Through "Keys"
An older, more conventional way of communicating and identifying with gateways was the use of usernames, IDs and passwords. BillingTree realizes that this method is insecure. For this reason, we use a "Key System" for identification. Merchants' toolkits (for example, software) communicate with the gateway by using an assigned high-bit encrypted string called a key. When sent into the gateway, the key is processed to identify the specific merchant as well as the toolkit to which it belongs. This method allows merchants to feel safe knowing their toolkit source code doesn't contain such critical information as their usernames, and it allows merchants to separate their toolkits by assigning individual keys for each one. Merchants can revoke keys at any time if they notice that these keys are being misused by malicious online users, and different fraud protection layers can be applied to each key within the BillingTree Fraud Stopper.

Fraud Stopper
The BillingTree Fraud Stopper relies on its Module Stack Design. Each module controls a different aspect of security, and merchants choose which modules to put on their fraud-control stacks. Some examples of modules are duplicate transaction control, block by country (and/or state, city, zip, name), auto detection of toolkit misuse by customers, block by IP, and many more. This design allows merchants to add or change their fraud controls constantly. BillingTree is continually adding new modules to the Fraud Stopper and always remains up to date on fraud-security issues.

Fraud Stopper also allows merchants to apply different fraud controls to different keys (sources), so merchants can maintain high levels of fraud control on their websites but low levels on the consoles for their employees.

A New Way of Storing Payment Data
BillingTree realizes that the most common merchant attack is the stealing of a list or database of payment information. With this in mind, BillingTree has developed a revolutionary new way of storing data to prevent such attacks. The BillingTree system contains no database or list; therefore the idea of a malicious attacker stealing data is impossible. Payment data is stored on an individual basis and can only be viewed on an individual basis by unlocking or "de-encrypting" each one separately.

A merchant never has to call up a "list" of data. If certain information is needed, the data is decrypted and un-parsed from the system, a process that requires only seconds. Only one instance can be viewed at a time. This non-database design of storing payment data provides the utmost level of security toward payment storage to date.

Any More Questions?
We want merchants to be confident in our security standards at BillingTree. If any questions have not been answered concerning our security, please feel free to email our technical support group for answers at the following address: support@mybillingtree.com.




Electronic Payment Providers, Inc is a registered TPP / ISO / MSP of HSBC Bank USA, N.A., Buffalo, N.Y.
© Copyright 2006 - 2009 Electronic Payment Providers, Inc. All Rights Reserved
