The PCI DSS certification process is designed to protect your sensitive data. WePay is a certified Level 1 PCI Compliant Service Provider (the highest level), which requires an annual independent security audit of our processes and systems. We test our system daily (manually and automatically) to ensure security.
WePay uses state-of-the-art cryptographic algorithms during data transmission (HTTPS with RSA 2048 bit key and SHA 256 certificate) and in our databases (AES 256 encryption with unique per-row keys). Our servers are kept in PCI and SSAE16 certified datacenters with 24x7 monitoring.
All WePay employees undergo background checks and security training. The development team follows strict SDLC process and OWASP security guidelines.
Your money is held in a protected account by our FDIC-insured or CDIC-insured partner bank, so your funds are never at risk.
You're not required to obtain PCI certification to use WePay. We take care of that for you. As the merchant of record on every transaction, WePay manages compliance, security, and payment processing.
We investigate all reported vulnerabilities, so if you believe you've discovered a problem, please email firstname.lastname@example.org.