Security

One of the most important considerations in providing our services at PayRange is security, so we have developed and operate an industry-leading security infrastructure.

PCI Compliance
PayRange’s systems and processes are designed to comply with the Payment Card Industry (PCI) Data Security Standards. Further, the service provider(s) of PayRange have been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1, the most stringent level of certification available. For any questions or concerns regarding our payment service provider, you may contact them at support@stripe.com.

SSL and HSTS
PayRange forces HTTPS for all services, including our public website. We use 256-bit encryption for the mobile app and between 128 and 256-bit encryption, depending on your browser, for our public website ensuring that all communications are secure. We perform regular audits of certificates we use, the certificate authorities we use, and the ciphers we support.

In addition to using HTTPS we strictly use HSTS to ensure browsers interact with PayRange only over HTTPS and never a non-secure connection.

Encryption
PayRange supports encryption through all steps of a transaction.  Our service provider encrypts the Card Data at the first step of the card transaction and sends it directly to their servers. Please visit www.stripe.com/security for more information. PayRange servers are located in secure data centers and physical access is monitored by security personnel 24 hours a day and requires multiple levels of authentication.

Card Data
The PayRange app does not view, pass through, or store Card Data, and Card Data is never sent to or stored on PayRange servers. PayRange does not store any personally identifiable card data on our servers. We store the last four digits of the Card Data along with a token issued by our Service Provider(s).

Disclosure
We rapidly investigate all reported security issues. If you believe you’ve discovered a bug in PayRange’s security, please contact us at security@payrange.com. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by PayRange.

Security Issues
For urgent security concerns or requests such as an incident, or suspected misuse of your account, please email our 24/7 priority security team at security@payrange.com. Please use our PGP public key so that your message is safeguarded. In your message, let us know how to contact you securely as well. Urgent requests will be addressed in 24 hours or less.

For non-urgent security questions, please contact support@payrange.com.

Our PGP key is below, which PayRange will use to sign all secure emails.

Learn about PGP.

Key ID: DFC238BD
Key type: RSA
Length: 2048
Fingerprint: 402C A1D4 C579 79F5 5DE4 4432 CD41 20CD DFC2 38BD

—–BEGIN PGP PUBLIC KEY BLOCK—–

mQENBFQ0EOkBCADB6NPmbVF/Q5u0mDVGjL3bh0OGgI3AfGXtWenV2kjRPb/060tw
AX1P6dnKS3AITCjeg1naKjaA3BH8WI2zrDsZTUzMNz9/g/V3oLAB0wtB79ZRLQG1
QLx4hMNBbaPZ83WqSX8tBPttErIb2C/2c0Xmjj8dBNnFUcVe814pO2zheSIpXFf+
Hv22KvY99kz/yPLkQjNwqxBeZEnxMALv9OODmV96uhr/d8B2nXXzh1S0Kf++k0C4
FeQcUMpQlZcWVQmnMal4u2bMlc9KWzcpDqaw3nehk4jM8uTt4Jm6ZCuI0L06Xjum
+xVYchFn4ilRARgB+WqpUBPGzbZH7eeEDtpRABEBAAG0H1BheVJhbmdlIDxzdXBw
b3J0QHBheXJhbmdlLmNvbT6JAT4EEwECACgFAlQ0EOkCGwMFCQu7OQAGCwkIBwMC
BhUIAgkKCwQWAgMBAh4BAheAAAoJEM1BIM3fwji972QH/0UXf8BfO0JOtCAoQBQJ
InvfuiloZznwVu8ub8X9KahZyjGzdaXfnubKiFsgxHlE7ocy/Anbj+Z9HgUioyfE
gzSUACUaau9tvyDMq14XoWMfZj5XqWUeypBkpBaL5E2lk3MoNx3f2BFrUKU3eh3c
niXYVgSjAO3pmcReTo6znivGsXMvhHrMXudiA1d0JOSy57yJIPK3l56ab51SKL08
UohImMCclGUDLtsfDNMdBFdXpS5sU0vNoVbydSam7bJu/m96aRTOvhx4w9xJRwQw
RfL8QpInqof4m59OAki2T8dOr5FSetKywErUHnP1+tu1RiW94/Y1ZKmtf2wC8WuG
Dfa5AQ0EVDQQ6QEIAOCwXO6Sen9kGO/wCRC75p5i5bcyfs6dyHiMwQKPm7EdiQwL
gpgZRZyW4RA59HvHYXI932IaDInyqTcTAsUdZkHMLdL8OSg3JL4tkvai6YmDU+f7
UDOIHt3VldlmH/1oNddj0B3WmRC88KvKWQeu279HVqimuoddQok5243pgGMeOPpZ
NebTyCbGadQGdWtM1IFlUoWumTZ39XZrApXY6GSEwpT6KdvLqqDEkwXzyPW1FEqi
wXfl6mSCoHLlQVcGhkfx7oeuBfLW9q+x9akezbXOoXV6IVOLdZ5J8iQlLea8OkHC
O/c7//Yi5gm5KapPGVyswl0jZeFV3t+PzplnCHEAEQEAAYkBJQQYAQIADwUCVDQQ
6QIbDAUJC7s5AAAKCRDNQSDN38I4vQLDCACPIdbz80TWMqyL8WsuN4NSTNCouAdm
6qhvlA2MEpw74ZubMqap5lXq2NZjUReYVaVGczfhiFZaGaHvAzv0ycSDNbrPQ0zt
P2is4DiB93yBrjqHanizcWyG3pk8s2tNeULRPqDk0/eopx4rVHI0HaAtOLgRT7Z0
9EwL9obUOktkbLy3Ymm67fFURaPEQI0G7WUboaesiWzK2e+elYu5fZFqhgZhQody
OkiZj0srU+PPbRTePMlECsHnnB1+q1dMA2fQKBKn6Ky2rjw7kb7smoPEkIgCejrb
sX5EzuqgkP8EgolpwiYSW5dn2+zAT9wb+0nLHa6MxJN0ZUnTexbHSUK9
=IQ3I
—–END PGP PUBLIC KEY BLOCK—–

 

October 2014
v1.1