MBF Sponsored Walk – Potential Website Security Issues

Dear Brethren

During this last week, certain issues were raised surrounding the security of the Online Portals which have been set up to allow brethren to sponsor the forthcoming 2017 MBF Mark Charity Walk. I have raised these issues with the Deputy Grand Secretary V.W.Bro. Ryan Williams P.G.J.O. He has had the issues investigated; the following is his comprehensive answer regarding the issues raised, which should now give all brethren full confidence that the Online Portals are totally secure.

W.Bro. Alan Oldfield

Provincial Grand Secretary

         ———————————————————————————————

Donation pages within the MBF Walk Website are effectively formed in two parts. These parts appear to be one seamless donation section, but they actually contain separate collection sockets for the following data:

  • Financially Sensitive Data
  • Non Financially Sensitive Data

All financially sensitive data is processed through a website plugin provided by Stripe (see below). No financially sensitive data is sent to or sits on the MBF Walk Server. Stripe process all online transactions on behalf of the MBF, advising the MBF of transactions using client sided tokenisation. The use of client sided tokenisation permits MBF to financially account for individual donations without actually receiving, seeing, or holding financially sensitive data about the transaction. It also permits you, the donor, to receive confirmation of your transaction without financially sensitive data sitting on your server. Tokenisation joins the donor and recipient of the donation together for accounting purposes (refunds, disputes etc.) but does not permit sharing of sensitive data.

Stripe is a US technology company, operating in over 25 countries, that allows both private individuals and businesses to accept payments over the internet. Stripe focuses on providing the technical, fraud prevention, and banking infrastructure required to operate online payment systems. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, they make use of best-in-class security tools and practices to maintain a high level of security. If you would like to learn more about security at Stripe you can visit their website section as follows:
https://stripe.com/docs/security/stripe

Stripe supply online vendor service to over 100,000 customers worldwide. They provide services to similar nonprofits, Unicef and The Salvation Army to name a few. Details can be found here: https://stripe.com/customers

Non financially sensitive data obtained when making your donation has been considered further. To enhance your experience SSL Encryption has been added to the entire website. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions.

It’s sincerely hoped these improvements will further support Provinces with receiving donations and promoting the MBF Walk to their members.

With fraternal regards and best wishes.

V.W.Bro. Ryan Williams, P.G.J.O.

Deputy Grand Secretary