NiftyPay - Powered by iTransact

UNSURPASSED SECURITY

NiftyPay has partnered with iTransact, which combines a Secure Commerce Server (SSL technology), PGP encryption, and proprietary technologies to enable merchants to accept payments easily and securely without the need to invest in costly security systems of their own.

The following is a detailed description of our partnership in secure online payment systems.


PCI Compliance

iTransact, NiftyPay's technology/backend partner, is fully compliant with the Payment Card Industry's Data Security Standards (PCI DSS). PCI standards are enforced by Visa, MasterCard, American Express, and other leading card brands.


iTransact's most recent PCI audit was conducted by Specialized Security Services, Inc. View the Certificate of Compliance.



WHAT IS A SECURE SERVER?

A secure server is one that takes advantage of Secure Sockets Layer (SSL). This is a protocol developed by Netscape Communications Corporation to provide privacy and security for documents being transmitted via the Internet. SSL uses a private key to encrypt data being submitted from a browser before it is transferred over the Internet via the SSL connection. (Browsers such as Netscape's Navigator and Microsoft's Internet Explorer support the SSL protocol.) When the data reaches the SSL-enabled web server, it is decrypted. If the data were to be stolen during this transmission, it would remain unreadable. Many Web sites use SSL to obtain confidential user information, such as credit card numbers. Web pages that incorporate SSL generally have a URL starting with https: instead of http:.


SSL IS NOT ENOUGH

One of the major misconceptions regarding Internet security is that information submitted to a server using SSL will always remain encrypted and secure. This is not true. A secure (SSL) server alone does nothing to protect the data after it is received. SSL creates a secure path between the user's browser and the SSL-enabled server. However, the information is only secure during the time that it is being transmitted from the browser to the server. Once the information reaches the server, the information is decrypted and SSL has no effect. If there is no further encryption taking place once the information reaches the server, the security of the information is compromised.


SECURITY – BEYOND SSL

We take advantage of advanced security and encryption features to ensure the security and safety of customer data. After customer data (credit card number or checking account number) arrives at iTransact's server via SSL, it is re-encrypted using PGP (RSA algorithm), which makes the information unreadable. This information is then pushed to an offline server (not accessible via the Internet) where the information is safely decrypted and the transaction is completed.


Credit card and checking account data is never stored online in plain-text (readable) format. In addition, this information is never transmitted in plain-text via email, socket, GET, POST, etc.
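
The re-encryption step described above, as an added example (not NiftyPay's or iTransact's code): it uses Node.js's built-in crypto module in place of PGP, following the same hybrid pattern of a one-time symmetric key wrapped with RSA, so the Internet-facing tier can encrypt records but cannot read them back. The function names, key pair and card number are constructed for illustration.

```javascript
// Added example: hybrid public-key encryption standing in for the PGP step.
const crypto = require('node:crypto');

// Constructed key pair. In the design described above, only the public half
// would be present on the Internet-facing server.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Online tier: encrypt a record with a one-time AES-256-GCM key, then wrap
// that key with the recipient's RSA public key.
function sealForOffline(recipientPublicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Offline tier: unwrap the session key with the private key, verify the GCM
// tag, and return the plaintext. Throws on a wrong key or a modified record.
function openOffline(recipientPrivateKey, sealed) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, sealed.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.body), decipher.final()]).toString('utf8');
}

// True only if `key` can recover the record.
function canOpen(key, sealed) {
  try {
    openOffline(key, sealed);
    return true;
  } catch {
    return false;
  }
}

const CARD = '4111111111111111'; // constructed test number, not real data
const record = sealForOffline(publicKey, CARD);
console.log('public key opens record: ', canOpen(publicKey, record));
console.log('private key opens record:', canOpen(privateKey, record));
```
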


SIMPLIFYING COMMERCE

Since most merchants accepting online payments do not have access to a secure server, and even fewer utilize advanced encryption technologies, we saw a need to simplify online commerce.


A merchant wishing to accept credit card and/or check payments online simply creates an HTML order form using the templates supplied within the merchant's control panel. Each merchant is given a unique Merchant ID that is included in the HTML source of the order form. There is no need for the merchant to have a secure server. A customer wishing to make a purchase from the merchant simply completes the merchant's online order form. The customer can then be directed to iTransact's secure server to enter their account information.


© 2005-2012 K-Factor Technologies, Inc.