Miwuki uses Stripe’s secure token mechanism. Card numbers are tokenized (the number is changed to an undecipherable string, IE: `tok_fafds23423′) before we charge the card. Saved cards & bank accounts for recurring donations are also tokenized. Therefore, Miwuki doesn’t have any record of the donor’s card number in our database and logs. That means hackers will never get sensitive card or bank information from us.
Miwuki is PCI compliant under “PCI validation: SAQ A”. We utilize Stripe Elements technology that has financial input fields which are done securely in Stripe’s iframe. Stripe is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
The transmission between the donors, the Miwuki form, and Stripe is encrypted using 256bit SSL/TLS. Stripe is one of the most secure and trusted payment providers. It is used by Twitter, Shopify, Kickstarter, and Lyft.