KB104 - How Clearfly Handles Account Information
Let’s make things easier
Clearfly wants to make it as easy as possible for you to pay your monthly bill, and in order to facilitate this we offer automated monthly billing. From our perspective this is win-win; we don’t have to rip open envelopes and manually enter/deposit checks, and you save the hassle of writing and mailing a check (stamps aren’t getting cheaper). However, one of the primary concerns with recurring electronic payments is (or should be): where does the provider keep your sensitive payment information between billing cycles?
Keeping sensitive account information is not something that should be taken lightly and, unless you have a team dedicated to securing the data, the best way to avoid a potential breach is to avoid storing the data on your network altogether.
How Clearfly stores your data
Since Clearfly wants to focus on being a telecommunications provider and not an electronic merchant, we decided that we did not want to keep any sensitive information in our servers. Thus, Clearfly established a relationship with Stripe to be both our payment gateway and secure customer information storage point.
The way this works is simple and secure. When Clearfly asks for your ACH (or card) information we securely transmit it to Stripe for verification. Once Stripe has determined that the information is valid they send us a pair of opaque codes. One code represents the specific customer and one represents the specific payment source you entered. These codes which don’t contain or relate to the actual customer data or the specific numbers on a bank account or card. We store these codes in our systems for use whenever you tell us to make a payment.
How a charge works
Once it is time to charge your account we simply send a request to Stripe to charge the specific customer code and payment code pair for a specified amount. For example, lets say that we have customer cus_12345 which setup a bank account in our systems as ch_56789 and their invoice is for $100.00. We would send a request to charge customer cus_12345 with source ch_56789 the amount of $100.00. Stripe responds to indicate whether the charge was approved or declined. And that’s it — payment complete and no sensitive information was stored by Clearfly or sent by either party.
Enables customers to setup automated monthly payments to ease accounts payable burden
Removes Clearfly’s liability by relieving us of the need to store sensitive account information
If data is ever compromised it would be useless to an outsider as the codes are specific to our payment gateway relationship.