Share a Refund Security
Share a Refund holds security to the highest regard. All software and supporting resources are implemented using best practices in application development for building highly-scalable, highly-available, highly-secure cloud-based applications. The information below details the security standards and procedures used to protect your information within the Share a Refund application.
Bidirectional encryption of communications between Share a Refund and external endpoints, including web services and client devices are executed over HTTPS protocol using TLS 1.2. This validates authentication and protects against man-in-the-middle attacks, eavesdropping or tampering with the information related to your Share a Refund account.
SSL certification is provided by Comodo using 256-bit encryption with support for 99.9% of browsers and devices.
Application penetration testing security audits have been performed by third-party service provider Synopsys to demonstrate vulnerabilities and guidance on addressing vulnerabilities to improve application security.
Credit Card Storage and Processing
All credit card numbers are encrypted and stored within Stripe using AES-256 encryption. Stripe is certified to PCI Service Provider Level 1, the highest level of certification available. All information managed by Stripe is protected within the Stripe privacy and security policies and adheres to federal regulations.
All Share a Refund services are managed within Amazon Web Services (AWS). Cloud security at AWS is the highest priority. The standards and certifications listed below support the global infrastructure of Amazon’s cloud.
ISO 27001 is the defacto international security standard that specifies security management best practices and compliance.
SAS 70 Type II Audit Completion
Independent auditors certified AWS resources with certification of operational performance and security in safeguarding customer data.
Monitoring and Logging
Internet traffic and resource utilization are analyzed using third-party software Amazon Inspector to identify potential application security issues. These resources are integrated into the DevOps processes at Share a Refund to ensure that security standards and best practices are included with all application features and improvements.
Identity and Access Control
User identities and related access permissions are managed within defined user roles. Invocation and revocation of access permissions is automated and specific to the role granted to each user. User identities are validated using an access policy related to the defined role of a user. The Identify Access Management Service provided by AWS is used to manage identity and access controls.
Things you can do
- Use a strong password when creating an account.
- Provide notification if you notice suspicious activity on your account.
- Inquire about performing security audits on Share a Refund’s best in class shipment auditing platform.