Website Security

For secure processing of transactions during checkout, the payment gateway offered by Elavon (the U.S.'s fourth largest credit card processor), Converge (formerly "VirtualMerchant"). All payment data is encrypted before it leaves your browser and routed directly to Converge. We never store customers' sensitive card payment data. In fact, this sensitive data never even passes through our servers.

To accomplish this, Converge dedicates significant resources toward a strong infrastructure, and adheres to both strict internal security policies and industry security initiatives.

With Converge, our customers can be confident their data is secure. Converge utilizes industry-leading technologies and protocols, such as 128-bit Secure Sockets Layer (SSL) and they are compliant with a number of government and industry security initiatives.

Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures. Each year Converge renews their PCI DSS compliance. To confirm their PCI compliance, please see Elavon's entry on [Visa's list of compliant service providers]( ).

SSAE-16 (formerly known as SAS70)

Statement on Standards for Attestation Engagements (SSAE) No. 16, commonly known as SSAE-16 defines the professional standards used to assess the internal controls for organizations that provide outsourcing services which impact the control environment of their customers. Converge is validated annually by external auditors for SSAE-16. SSAE-16 can also be referred to as SOC 1 or Service Organization Controls (SOC) 1 report.

Additional Legal Compliance

Converge and its parent company Elavon validate security measures against applicable sections of numerous federal and state laws-HIPAA, GLBA, California Senate Bill 1386 (SB1386), and many others. Their industry partners also perform regular audits.