WeSupply offers Post Purchase Customer Satisfaction Solution for online businesses across various industries. Businesses can track, inform and communicate with their customers regarding their orders using WeSupply as their extended solution on the cloud. Businesses can leverage WeSupply’s highly secure, scalable system to provide a great Post Purchase optimization experience to their customers.
We take security very seriously and we continuously look for opportunities to make improvements.
WeSupply is SAQ A compliant
The Payment Card Industry Data Security Standard (PCI DSS) is a set of policies and procedures that have to be followed by the organizations that process, store or transmit card data. The PCI Security Standards Council is governed by the five major payment card brands – American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.
WeSupply is using Chargebee’s hosted payment pages + Braintree Gateway
In this method the card information of the customers are collected by Chargebee’s secure hosted pages and directly passed on to Braintree.
Physical & Network Security
We use Amazon’s AWS platform and infrastructure for WeSupply. WeSupply employees do not have any physical access to our production environment.
Here are more details about security setup of AWS.
“Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, with military grade perimeter control berms. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in. They are also continually escorted by authorized staff.”
In addition to physical security, being on AWS platform also provides us significant protection against traditional network security issues on the infrastructure such as
- Distributed Denial Of Service (DDoS) Attacks
- Man In the Middle (MITM) Attacks
- IP Spoofing
- Port Scanning
- Packet sniffing by other tenants
Administrative privileges are restricted to very few employees. Additionally both application level roles and AWS roles are used to ensure only required operations are allowed for specific users.
Any administrative access are automatically logged and mailed. A detailed information on when/why the operations are carried out are documented and notified to the security team before doing any changes in the production environment.
SSH keys are required to gain console access to our servers and each login is identified by a user. All critical operations are logged to a central log server. In addition our servers can be accessed only from restricted IPs.
- Secure Access
WeSupply application servers can be accessed only via HTTPS. We use industry standard encryption for data traversing to and from the application servers.
- SQL Injection
We use prepared statements for database access to avoid SQL Injection.
- Encrypted Data Storage
We do not store sensitive card details on any WeSupply network.
Vulnerability Scanning & Patching
We periodically check and apply patches for third party software/services. As & when vulnerabilities are discovered we apply the fixes. We do periodic vulnerability scanning using the services of an authorized QSA.
We use both internal and multiple external monitoring services to monitor WeSupply. Our monitoring system will alert the Operations & Security Team through emails and phone calls if there are any errors or abnormality in the request pattern.
We are working continuously to make our system secure. If you find any security issues, please submit it to [email protected] We take security as our highest priority. We will make sure the issue is fixed and updated at the earliest.