Security

Physical and Network Security

  • Card-processing systems adhere to PCI Data Security Standard (PCI-DSS) Level 3.
  • Smily requires sensitive data to be encrypted using industry-standard methods when stored on disk or transmitted over public networks.
  • Smily uses standard, well-reviewed cryptographic protocols (such as SSL) when transferring data.
  • Smily requires that cryptographic keys are at least 128 bits long. Asymmetric keys must be at least 2048 bits long.
  • Smily’s administration website and non-public API are accessible via 256-bit SSL certificates issued by DigiCert.
  • Smily regularly installs security updates and patches on its servers and equipment.
  • Security settings of applications and devices are tuned to ensure appropriate levels of protection.
  • Networks are strictly segregated according to security level. Modern, restrictive firewalls protect all connections between networks.

Web and Client Application Security

  • Card-processing applications adhere to PCI Data Security Standard (PCI-DSS) Level 3.
  • Smily prohibits the storage of card numbers on clients’ devices.
  • Applications developed in-house are subject to quality testing and security review.

Organizational Security

  • Smily requires sensitive data to be encrypted using industry-standard methods when stored on disk or transmitted over public networks.
  • Security systems and processes are tested on a regular basis by qualified internal and external teams.

Research and Disclosure

Smily recognizes the important contributions that our users and the security research community can make. We encourage responsible reporting of problems with our service. We also recognize that legitimate and well-intentioned researchers are sometimes blamed for the problems they disclose. In order to encourage responsible reporting practices, we promise not to bring legal action against researchers who point out a problem, provided they:

  • Share with us the full details of any problem found.
  • Do not disclose the issue to others until we’ve had reasonable time to address it.
  • Do not intentionally harm the experience or usefulness of the service to others.
  • Never attempt to view, modify or damage data belonging to others.
  • Do not seek compensation or reward for the report.

If you believe you have discovered a problem, please contact us at security@bookingsync.com.