GBB follows industry standards when it comes to implementing security measures in how we process, store and use the data supplied by user input.
GBB uses the latest Ubuntu LTS release to host our system (https://releases.ubuntu.com/). This is one of the most stable and widely used open-source servers running Linux. GBB uses Digital Ocean, a highly secure global cloud infrastructure provider, to host its website.
Both GBB’s website and app (GBB Dashboard) use encrypted traffic, which means every user interaction, whether that’s logging into the app, registering or purchasing a subscription, is protected with SSL (X.509 certificates for Transport Layer Security encryption by https://letsencrypt.org).
GBB relies on highly popular and highly secure software to provide its services, including content management, user management and all commercial transactions. GBB’s custom-developed EcoPlanner and EcoAssessment application has been developed in conjunction with these other applications, and in keeping with their highly secure methods.
GBB uses WordPress (https://wordpress.org) as a back-end platform, which is open-source software with thousands of contributors around the world. All of the functionality related to subscriptions, memberships, and user data is subject to continuous development and improvement following the latest industry practices and trends.
GBB manages subscriptions, memberships and orders using WooCommerce (https://woocommerce.com). WooCommerce is a highly secure and popular ecommerce extension to WordPress. To read more about WooCommerce’s security protocols and capabilities, please visit the Site and Data Security FAQ page on the WooCommerce website.
GBB EcoPlanner and EcoAssessment
GBB’s application is a custom solution, built as an extension to WordPress and WooCommerce, that follows the same standards when it comes to security and data processing, as we’re storing all of the information in the WordPress database. The app is exclusively using the WordPress API for the features/modules it offers, and is only extending the core system’s functionality.
GBB never stores customer payment information. Sensitive credit card data is not stored on our server, and is delegated & handled fully through Authorize.net (https://www.authorize.net) – one of the most popular payment processing solutions on the market.
GBB’s customer credit card number and security code are never stored on the GBB website. Through WooCommerce, all sensitive payment data is delegated and handled using a secure payment gateway provided by Authorize.net – one of the most popular payment processing solutions on the market. The payment gateway gives this sensitive information directly to the payment processor – payment information never enters or passes through GBB’s website database.
The payment gateway used by GBB does allow customers to ‘store’ credit cards or eChecks on the site via a secure method called tokenization in order to handle recurring payments and for convenience in future purchases by the logged-in customer. eCheck tokens store the last four digits of the eCheck numbers, while credit card tokens include the last four digits of a card, the card brand/type, and its expiration date, mostly so the customer can identify which token is for which card.
How Secure is Tokenization?
Extremely. With tokenization, customers’ actual credit card information is stored on the servers of the payment processor – never with GBB.
The only data saved on the GBB site is in the form of a string of characters called a token. These tokens are designed to be useless outside the precise context they’re created for. Imagine if, when you exchanged your money for chips at a casino or ride tickets at a fair, those chips or tickets not only couldn’t be spent on anything outside the casino or fair but couldn’t be spent by anyone but you.
Tokens are super-specific: specific to the customer, specific to the website, specific to the payment gateway’s payment processor, and specific to your merchant account with that processor. If any of those factors aren’t precise, the token won’t work as a placeholder for a customer’s payment information.
Sensitive information like passwords is encrypted and safely stored in the database. GBB uses thorough and procedural data checks before interacting with the database in any way – either through our administration dashboard, or through the app. This means that malicious code characters or anything that’s considered dangerous is flagged and rejected by the system.
GBB uses the WordPress Jetpack suite of enhanced security features to further ensure site security, including spam filtering, regular security scans, downtime monitoring, activity logs and brute force attack protection. Please visit Jetpack to read more about the full list of delivered security features.
GBB’s use of highly popular open-source software ensures GBB systems receive an exceptional amount of attention and care to identify and remedy any security threats as they arise. All vulnerabilities and security issues are quickly detected, fixed and patched with frequent updates to WordPress and all of the plugins we’re using. GBB performs software updates regularly, making sure we’re providing the best and newest functionality offered by the WordPress ecosystem.
GBB performs regular backups of the database and of all of the files, making sure that we keep at least several snapshots of the system at all times.