How secure is Stripe?

Morgan Stanley has been doing business for about 85 years. Wells Fargo has been protecting people’s assets since the stagecoach days 168 years ago. And Citibank has been looking after your money for 208 years.

Online payment processor Stripe launched publicly in 2011. That was the year when everyone was party rockin’ and Adele topped the charts with “Rolling in the Deep.” Instagram had launched only one year earlier. Why should you trust such a young company to handle all of your financial transactions?

The answer is technology. People didn’t even have personal calculators 85 years ago. And they couldn’t imagine the dark web in the 1800s.

While companies with long histories had to play catch-up as technology advanced, Stripe started in the midst of a technologically advanced era. Its founders saw a need and created a financial solution for these complex times, with today’s security challenges in mind. 

Here’s a breakdown of Stripe’s security solutions.

PCI compliance

PCI stands for payment card industry. The PCI Security Standards Council is best known for creating the Data Security Standard (or DSS).

The Council created the DSS to prevent fraudulent credit card activity. It does so in different ways, depending on the amount of money involved in a transaction. At the highest tiers, the company handling credit card transactions must hire an independent auditor to assess its security.

Certified auditors regularly audit Stripe, ensuring that Stripe adheres to the same high security standards as the largest companies. And the company uses only the best tools and practices to maintain these high standards.

Encryption

Data encryption scrambles data in such a way that the original message becomes completely unintelligible. Encrypted data looks like random code, with no discernible pattern.

It is theoretically possible to break any level of encryption. But doing so requires what’s known as a “brute force” attack. A brute force attack is like trying to unlock a four-digit number pad by typing 0001, 0002, 0003, etc., until you find the right combination.

Current standards use 256-bit encryption, which is like having a number pad whose combination is 78 digits long. To clarify, 1 billion is 10 digits long, so 78 digits is a really big number. With the current available technology, it would take the fastest supercomputers in the world millions of years to crack 256-bit encryption.

Digital keys are used to handle encryption and decryption. Stripe uses the best 256-bit encryption and keeps the keys away from public-facing servers.

Secure communication

Stripe uses several technologies to ensure secure data communication. Honestly, the various technologies are just a bowl of acronym soup. You’d need a deep understanding of computer science, networking, and security to truly understand them all.

But it’s simple enough to say that Stripe uses the best browser security technology available. And it enforces the rule that every website connecting to its servers has to do the same. Connecting to Stripe requires a secure browser connection as well as a number of certificates, which creates another layer of security.

Hacking bounties

Since the only people who can break through modern digital security are hackers, Stripe actually pays hackers to find what are called exploits: code a hacker uses to attack a vulnerability in software or a system. Anybody can submit exploits and find bugs, but Stripe’s bounty program is by invitation only. It’s highly selective about who it will pay, and exploit researchers have to follow a long list of rules.

The hackers Stripe hires are less like Mr. Robot and more like the guys from The Big Bang Theory. Stripe relies on knowledgeable researchers who keep up on the latest exploits. If they discover an exploit, they have an opportunity to submit it for a reward.

OK, but can you trust Stripe not to act like Enron?

Now that’s a much harder question to answer. It’s impossible to know what people will get up to. The best option we have is to trust others to keep them accountable.

Pretty much every startup uses Stripe in its early stages because of its simplicity. But Stripe has also earned the trust of big companies like Reddit, Uber, and Amazon. Those companies don’t want to fail any more than you do. And they’ve got a lot of very smart people making sure that doesn’t happen.

To be honest, if Stripe fails, the company will take a massive portion of the internet with it — so it’s highly unlikely to happen. As the saying goes, there’s safety in numbers.

AUTHOR
Lee Nathan is a personal development and productivity technology writer. He can be found at leenathan.com.
