There’s no doubt that the internet has brought myriad and far-reaching benefits to people and organizations worldwide. Unfortunately, it’s also brought hackers, fraudsters, and other criminal elements intent on stealing our personal and financial information. They are relentless, exceedingly inventive, and always looking for the next exploitable vulnerability.
Because of this ever-present threat, organizations should ensure that they have sophisticated, multi-pronged security and fraud-prevention processes, tools, and technology in place that will protect against the many and various threat types. They should also maintain the highest appropriate levels of compliance with security mandates and guidelines.
Businesses based on a recurring revenue model face particular challenges due to their high volume of transactions which tend to be more complex than non-recurring payments. The “big three” requirements for them are compliance (for example, with PCI mandates for handling customer financial information), security (of their customers’ data), and ensuring that their partners and customers are confident in the business’ ability and commitment to meet the needs of the first two issues. E-commerce businesses face additional vulnerabilities related to card-not-present (CNP) fraud.
Security and Compliance
Recurly is committed to maintaining a secure environment for our customers. Our environment exceeds the industry-standard payment security practices and mandates. We are PCI Level 1 and SSAE16 SOC 1 Type 2 compliant as a merchant service provider, and we maintain a highly available, N+1 redundancy throughout our entire infrastructure stack.
Following are some additional security solutions we’ve implemented to help safeguard our customers’ data.
Two-Factor Authentication (2FA)
Two-factor authentication provides an additional layer of security in accessing Recurly. In addition to a password, users must supply a verification code which is sent to their cell phone or email. This ensures that only intended users can access their account. This feature is strongly recommended for users with administrative access to Recurly.
Recurly Administrators have the ability to setup and manage different user roles and permissions. Defining distinct user permission groups with varying levels of access lets Administrators grant the access each user needs—because we understand that every user in your organization doesn’t need full access to the Recurly app and the data within.
The five permission groups are named to reflect the area of the Recurly application to which the user has been given access: Customers, Reports, Configuration & Integrations, Developers, and Admin. Read-Only access to the Customers section of the application is also provided. Recurly recommends that Administrators regularly review and update user permissions to ensure that they reflect up-to-date access needs.
Fraud is an ever-present and evolving threat in e-commerce. To counter this threat, Recurly has partnered with the leading fraud prevention solution (Kount), enabling our customers to protect themselves from fraudsters and card-not-present fraud, minimize chargebacks, and fight account takeover and account creation fraud. Using an automated fraud prevention solution also minimizes additional overhead costs resulting from manually reviewing orders flagged as suspicious. Read more on this topic here.
For Recurly, compliance with industry guidelines and mandates and the security of our customers’ data are critical aspects of how we do business. As custodians of your data, we take our obligations seriously. If you’d like to learn more about how Recurly can help you manage your subscription business, sign up for a demo below.