Transactions on Delegate PAY are facilitated through PayPal or Stripe.
Both Paypal and Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
Paypal holds certification under many programs and standards, including the Visa Cardholder Information Security Program, Mastercard Site Data Protection Program and the American Institute of Certified Public Accountant’s Statement on Standards for Attestation Engagements No. 18 SOC 1. To safeguard both personal and financial information of all users, Paypal automatically encrypts all sensitive information sent between your computer and their servers.
Meanwhile, Stripe makes use of best-in-class security tools and practices to maintain a high level of security. All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).