We take security serious
Putting Security First
Everything we do or develop for you and your customers starts with security. From creating or enhancing our security technology to adhering to industry standards for our payments network to a formal set of policies used throughout our organization, your data – and your customers’ data – remains protected.
Simple, Yet Secure
While Due’s process for keeping your data secure seems simple, it’s because there is very sophisticated technology behind the scenes that makes it work that way. What you get is a secure and trustworthy transaction process based on encryption technology that tokenizes the data when it reaches our servers.
This means we can track the transaction – from purchase and payment until the funds are deposited in your bank account – but the data never touches any device you are using for that transaction.
Due’s fraud monitoring and detection processes are designed to identify suspicious behavior throughout the transaction process. If identified as potential fraud, our technology stops that activity in its tracks. We don’t want your business, brand, or bottom line to be impacted by fraud.
Looking Out for You
Since we take the responsibility of serving as the merchant of record for every transaction we participate in, you can feel confident that your business is safe from responsibility for PCI compliance, regulatory standards, processing and fraudulent activity. Due’s card-processing solution adheres to the PCI Data Security Standard (PCI-DSS), which means you don’t have to worry about fulfilling this requirement within your own business.
As your partner, Due works with banks and anyone that disputes a transaction on your behalf. We work tirelessly to ensure you get the money in your bank account quickly.
Multiple Layers of Security
Layer upon layer of security processes stand between you and fraudsters. Due’s live monitoring employs risk visualization to analyze every transaction as it occurs in order to stop the fraud before it can actually happen. This automated system is especially helpful as we grow our business and take on thousands of transactions every day.
Strength in Numbers
While it may seem that the bigger a company grows, the more difficult it is to stay on top of every transaction with the same level of detail. Due has been able to get better with every additional transaction thanks to the use of anti-fraud algorithms that employ machine-learning technology. The more transactions it studies, the more it understands the patterns within those and the potential behaviors of those just about to commit fraud. In that way, they can identify the crime before it’s happened.
All the Components of a Highly Secure Solution
Due’s highly secure solution is composed of many building blocks:
- Network and servers in a secure facility that has a dedicated security staff that monitors them 24/7/365;
- PCI Data Security Standard (PCI-DSS) card-processing system and applications;
- Industry-leading encryption technology for all data that is stored on disk or transmitted via a public network;
- Standard cryptographic protocols and message formats for data transfer, including SSL and PGP;
- Cryptographic keys of at least 128 bits and asymmetric keys of least 2048 bits;
- Ongoing security updates, patches, and settings for servers and equipment;
- Restrictive firewalls for all network connections and segregated networks based on various security levels;
- No storage of magnetic stripe data, card numbers, or security codes on your devices;
- Stringent quality testing and review of all in-house applications; and
- Industry-standard coding guidelines, including OWASP recommendations, for all web development of software and applications.
Due’s Security Culture
Beyond our network, servers, and software, we have embedded security within our organization, functions, and culture:
- Our in-house and outsource talent have all been trained to act according to our formal set of security policies that puts you and your customers first.
- All sensitive data is encrypted and we retain access to cryptographic keys, sensitive data, and application data.
- Administrative access is determined by two-factor authentication and strong password controls.
- Internal and external teams regularly test and review security systems, processes, and audit logs.
- Security policies and procedures are regularly reviewed and revised, according to new regulations or compliance changes.
- Due has specific contingency planning and incident response tactics in place to ensure data protection in the event of an emergency or natural disaster.
We value our customers and research community’s efforts to contribute to making our payments solution even better. Responsible reporting of any problems experienced while using our payments service helps us to quickly resolve any issues. Although some choose to blame researchers for what they disclose about certain platforms, Due promises not to seek legal action against those that identify problems in our solution.
Instead, we want you to share everything you have discovered that might be a problem within our payments system. We only ask that you do not disclose the issue to others until we have been able to research and address the problem ourselves, do not take actions that intentionally ruin the Due payment experience for anyone else, and do not change or damage others’ data.