Payments

HOW WE PROCESS PAYMENTS FOR BOOKING REQUESTS

All booking requests must be made via credit card.  For security, we use a third-party credit card processor to manage all aspects of credit card payments and processing.  Furthermore, for your security, we do not have access to detailed guest card information.  All credit card processing is completed via Stripe. 


WE USE STRIPE TO PROCESS CREDIT CARD PAYMENTS

Stripe is an online payment processing and credit card processing platform for businesses.

When a customer buys a product online, the funds need to be delivered to the seller; Insert Stripe. Stripe allows safe and efficient processing of funds via credit card or bank and transfers those funds to the sellers account.

Stripes software includes both a payment processing platform, as well as a credit card payment gateway, and both are required in each successful online transaction-- making it the most efficient and simple software to choose for online payments.  More information regarding Stripe is available here


SECURE CONNECTIONS: HTTPS and HSTS for secure connections

Stripe forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard.

  • Stripe.js is served only over TLS
  • Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection

We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure that browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.

DATA SECURITY: Encryption of sensitive data and communication

All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plaintext card numbers but can request that cards are sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services (API, website, and so on).