Security Capabilities and Policy for Transmission of Payment Card Details
Credit card information is not stored on www.maritimephilosophyfriends.com or accessible to me (Gordon Cooper) as the sole proprietor of Maritime Philosophy Friends.
​
Maritime Philosophy Friends uses Stripe to process payments.
​
Here are the key points regarding Stripe's security capabilities and policy for the transmission of payment card details:
​
1. Stripe's information security policies and practices are aligned with the NIST Cybersecurity Framework.
​
2. Stripe maintains organizational, technical, and administrative measures to protect financial account information against unauthorized access, destruction, loss, alteration, or misuse. This includes encryption of information associated with financial accounts in transit and at rest.
​
3.Stripe encrypts sensitive card information the moment it is presented to the card reader through end-to-end encryption. The card data is then tokenized, and only the token is shared with the merchant's point of sale application, ensuring that sensitive card information is not handled by the application itself.
​
4. Stripe's infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment and doesn't share credentials with Stripe's primary services. Card numbers and other sensitive data are tokenized and isolated from the rest of the infrastructure.
​
5. Stripe is PCI-certified as a Level 1 Service Provider, the highest level of certification in the payments industry, and undergoes regular audits by a PCI-certified auditor.
​
6. Stripe's systems and controls are audited as part of SOC 1 and SOC 2 compliance programs. These audits provide independent assurance of the security of Stripe's systems, processes, and controls.
​
7. Stripe Terminal is certified to the EMVCo Level 1 and 2 standards, as well as the PCI Payment Application Data Security Standard (PA-DSS). 8. Stripe takes a zero-trust approach to employee access management, including authentication leveraging SSO, two-factor authentication, and mTLS.
​
For more detailed information, you can refer to the Security at Stripe document here: https://docs.stripe.com/security
​
​
​