While we do a lot of things differently at Swoop, we don’t break the rules.
We’re big believers in following industry best practice security standards.
Email Fraud Prevention
Swoop performs fraud analysis on every transaction that moves through our system, using industry standard and proprietary algorithms to verify the customer identity, the origin of the request, and the validity of the transaction.
Swoop monitors incoming email characteristics for “red flags” and requests additional confirmaton where we are unable to verify a transaction’s source.
Credit Cards are stored in a PCI-compliant vault
All credit card information is handled under strict PCI compliance. Customers’ full payment information is stored in an independent secure 3rd party vault, not on Swoop’s servers.
Tokenization and Information stored by Swoop
Swoop creates a token representing each transaction. The consumer’s email address is the bridge between the Swoop token and the payment token issued by the payment vault. No credit card data is contained within an Swoop email, so the customer is always protected.
All sensitive data transmitted through secure connection
Swoop only uses Secure HTTP connections for all services we provide. All data is encrypted with industry-standard SSL certificates when in transit over public networks. Customer data and other sensitive information is stored in a secure database on a network with no public internet access.
Swoop servers are protected by firewalls and security rules to limit access. All server transactions are logged and audited by automatic processes. Swoop utilizes Host-based Intrusion Detection systems to alert us of unusual activity.
Swoop’s servers are located in world-class, highly secure data centers with electronic surveillance and multi-factor access control systems. Data centers are staffed 24/7 by trained security guards, and access is strictly controlled.
Text Message Dual Factor Authentication
Swoop provides a unique Dual Factor Authentication in our text payment solution that utilizes both SMS and email. SMS spoofing can create issues not only for the consumer but also for an organization’s merchant account. Without a secondary form of identification it is very difficult to verify the authenticity of transactions done over SMS.
When an Swoop consumer texts to donate or pay a bill from an Swoop-registered phone number, Swoop will send back a text message with a MAILTO link, which automatically generates the payment email. When the consumer sends the email, Swoop processes the payment. In other words, the payment is initiated through SMS and then seamlessly confirmed through SMTP.