SecurityYour digital security means everything to us.
As you can imagine, it wouldn’t be very secure to share everything we do to make your online payments secure; however, here is some information to help assure you that we know what we are doing and take your security very seriously.
Our security team at Aptexx has over three dozen years of combined experience in developing complex banking and online payment solutions for global financial institutions. Aptexx contracts with multiple third party providers of digital security services, including Veracode, Security Metrics, and Cloudflare; to further secure our payment processing applications from malicious activity.
Aptexx currently partners with a variety of financial institutions, including KeyBank, Wells Fargo, ProPay, TSYS, D+H, FISERV, TransFirst and Vantiv. Each one of our partners regularly performs compliance audits and penetration tests. Aptexx would not be able to partner with these type of companies without implementing and maintaining the proper Application and Database Server security standards.
What is the difference between Aptexx.com and Aptx.cm?
Aptexx.com and Aptx.cm are internet domains owned by Aptexx, Inc that is located in Century City, CA. It is a common internet practice to own similar looking domains. Consider google.com and goo.gl. Both domains are owned and operated by Google™ (now Alphabet), despite the fact that goo.gl is registered with a Greenland domain extension and serves different purposes than google.com.
Why is your application registered with a ‘.cm’ domain extension?
It is a common misconception that domain extensions such as .cm identify countries of origin for web applications or imply that information is somehow being routed through that country. This is simply not the case. Many countries have their own extension but they merely serve as the registrar of the name. Once claimed, the registrant (Aptexx Inc. in the case of aptx.cm) takes it from there. No data is ever transmitted through any foreign country. Like many payment processing companies, our website is hosted using secure infrastructure provided by Amazon Web Services (AWS). The decision to utilize a domain extension such as .cm simply allows us to provide our customers with an even shorter, more convenient URL. We are not the only payment processor that employs this link shortening tactic. Consider PayPal.me — PayPal is a US Based company, employing a domain extension associated with Serbia/Montenegro for the purpose of a shorter, easier to remember URL. Also bit.ly, the most widely-used and extremely popular URL shortening service uses .ly, an extension where the registrar country is Lybia.
Is my payment method data encrypted? (IE: Card numbers, Bank Account numbers, etc.)
All payment information such as routing/account numbers and credit/debit card numbers(referred to as PAN by the Payment Card Industry (PCI) standard) is encrypted and tokenized in a completely separate PCI-compliant operating environment. All data is transmitted to this server through a 256-Bit Comodo Secure Socket Layer (SSL), the current web standard for encrypting data over the wire.
Why don’t I need a long, complex password to login?
It is a common misconception that long passwords containing letters and numbers are inherently more secure. All you have to do is google “passwords are not secure” and you will find a ton of articles on the subject.
To prevent unauthorized account access, Aptexx offers a 4 digit pin in conjunction with your email address or custom URL that is assigned to every resident. A 4-digit pin has a 1:10,000 chance of being guessed. Just like a bank, we monitor every login attempt. If we detect multiple failed attempts are made from the same IP address in a short period of time, Aptexx automatically blacklists the IP address and inactivates the resident’s account. Microsoft Windows 10, Venmo and other companies have adopted a 4-digit pin authentication.
If a resident’s account was ever compromised, the worst case scenario would be an unauthorized rent payment. No account data can be accessed or stolen since we only display the last 4 digits of the payment method.
What can I do to help ensure my payment information is secure?
Here are some tips:
- Don’t shop online over public WiFi that you don’t trust. Examples: Coffee Shops, Shopping Malls, Gas Stations)
- Don’t write your passwords down and stick them to your computer at work.
- Don’t use the same password or passcode for every online service you use.
- Monitor your transaction activity daily.
- Don’t provide payment information over the phone unless you have verified the identity of the person representing the organization you are working with.