Credit Card Security @ Peak

[Alan]

Yesterday morning, a craftserver member brought it to our attention that a number of people here have recently experienced fraudulent activity on their credit cards. As one of the largest suppliers, it served as an excellent reminder for me and my staff as to why we take every measure possible to protect the sensitive information of our customers. We invest a lot in security, and ideally that investment is uneventful, we never hear a peep about any breach in security. Issues like this though, do give the topic of information security the attention it deserves. Even though we always keep information security at the forefront of our priorities, I spent the better part of yesterday and last night reviewing our IT infrastructure, and reviewing our practices and procedures to ensure that we are doing everything we can to safeguard our customers information. I sleep better that way.

While I can’t tell you everything about our security practices or infrastructure on a public message board because it could potentially be a security vulnerability (keeping infrastructure topology private is an important part of security), I will share with you some of the practices and procedures that we carryout at Peak to safeguard your information.

When you place an order on our website, your credit card info is encrypted before it leaves your web browser. It arrives at our servers and is then encrypted again before being transmitted to the credit card processor for authorization. The processor then returns a transaction ID that is used by us to continue processing your order. By the time your order ships, all CC data for your order is purged from our systems, except for the transaction ID. That transaction ID is just a number that we use to communicate with the CC processor in the event of a refund or adjustment. It is worthless information for anyone outside of Peak.

We do not outsource our hosting. We’re in full control of our own servers. There are no third-party hosting companies involved, or third party employees to worry about. In the almost ten years that we have operated, we have never experienced a breach.

Our IT Specialist is a full-time employee of Peak that has passed numerous background checks and has tremendous experience in information security. His training was provided by the US Army. He holds certifications and professional development experience in Systems Administration and Security, Network Management and Security, Defense Messaging System/Tactical Messaging System Administration, and Information Assurance Security Officer. He also helps pack orders when needed.

While I’m confident that we follow industry best-practices in securing our IT environment, nobody can ever be too sure. Hence, we outsource security audits to companies that specialize in scanning networks and identifying security vulnerabilities before they are exploited. We just had a thorough audit performed on March 2nd by Mcafee Secure to insure that we are meeting Payment Card Industry Data Security Standards.

With all the security measures in place, I would be foolish to say we are bullet-proof. However, we value our customers and I can confidently state that we will continue to do everything we can to safeguard your personal information, just like it was our own, while shopping at peakcandle.com. We take security very seriously.

Kind regards,

Alan Wallace

President

Peak Candle Supplies

[Faerywren]

Thank you for the explanation. I love Peak!

[Candybee]

Thank you Alan! Big thumbs up for Peaks!!!!

[Freezin]

Thank you Alan for taking the time to explain this and doing such a good job.

[Georgia]

Thanks, Alan! I felt some panic reading the threads about credit cards being hacked, but the only order I have place recently was with Peak. I was very confident that I would not be a victim of this "incident".

ps aren't those kids in high school by now? really need a new pic.

[Alan]

...

ps aren't those kids in high school by now? really need a new pic.

High school? Not so fast! I ain't that old just yet.

[LuminousBoutique]

Thanks Alan- signs point elsewhere... but its great to know you guys are on it