PCI DSS Policy - Credit Card Security

Last revised: Monday, 4 September 2017

Kutamo Pty. Ltd. follows the principles and standards set out by the PCI Standards Council for storing and handling credit card information.

Anyone involved with the processing, transmission, or storage of credit card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Kutamo uses the payment services provided by Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security at Stripe.

How we handle credit cards

To summarize our methodology for processing and storing credit card details:

  • We process all credit card payments using Stripe, as outlined above.
  • We do not store any full credit card numbers or magnetic stripe data.
  • For customer service purposes, Stripe provides us with the last 4 digits and the expiry date of your card. This is to assist us in validating any support request you may have about your account.
  • We comply with, and meet the requirements of, PCI DSS SAQ A-EP.
  • Whilst we don't publish it on our website, we are happy to provide a copy of our compliance certificate to any Standard or Enterprise customer on request.

What is Stripe?

Stripe, not to be confused with the magnetic strip on the back of your credit card (often called a stripe), is a third-party provider we use to process credit cards. They are one of the largest and most respected providers globally.