How secure is the HamClubOnline system?

Being an IT professional in the health care industry for over 20 years now, I am very conscious of security and privacy. The servers running HamClubOnline (HCOL) are cloud-based and are hosted in Fremont, CA by Linode. We have two front-facing web servers (one is the WordPress server and the other hosts the HCOL application), both encrypting all communications using TLS/SSL. I keep the web servers separate so that a security vulnerability in WordPress cannot compromise the HCOL application site. The back-end database is MySQL and is not reachable directly from the Internet.

All account passwords are hashed with bcrypt and are salted and peppered. Credit card information is stored with our payment processor (for clubs that require processing); only a customer ID and transaction numbers are stored in our database. The credit card information is sent directly to the processor and only a payment nonce is returned to the site. By using this method we can attest to PCI DSS 3.0 SAQ-A compliance for e-commerce transactions online.

Other stored information is mostly publicly available and should not be a valuable target for hackers. HCOL also has built-in safeguards in the application to ensure that clubs are not able to see other clubs' information and that club members cannot access club management functions.
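One way to implement the "bcrypt, salted and peppered" password storage described above, written here as an added illustration rather than HCOL's own code; the pepper values, the version ids and the cost factor are assumptions, and the pepper is assumed to live in configuration or secret storage rather than in the database:

```php
<?php
// Added example (not HCOL's code): bcrypt password hashing with a server-side pepper.
// The pepper is kept outside the database, and a short pepper version id is stored
// next to each hash so that the pepper can be rotated without locking users out.

declare(strict_types=1);

// Constructed sample peppers; in deployment these come from config or a secret store.
const PEPPERS = [
    'v1' => 'constructed-old-pepper-0123456789abcdef',
    'v2' => 'constructed-new-pepper-fedcba9876543210',
];
const CURRENT_PEPPER = 'v2';
const BCRYPT_COST = 12;

// HMAC the password with the pepper before bcrypt. The pepper never appears in the
// stored hash, and the 64-hex-char result stays under bcrypt's 72-byte input limit.
function prehash(string $password, string $pepperId): string
{
    return hash_hmac('sha256', $password, PEPPERS[$pepperId]);
}

// Returns "<pepperId>$<bcrypt hash>". bcrypt generates and embeds its own random salt.
function hashPassword(string $password): string
{
    $hash = password_hash(prehash($password, CURRENT_PEPPER), PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    return CURRENT_PEPPER . '$' . $hash;
}

// Verifies against whichever pepper the record was created with. On success, $upgraded
// receives a re-hashed record when the pepper or cost is out of date, otherwise null.
function verifyPassword(string $password, string $stored, ?string &$upgraded = null): bool
{
    $upgraded = null;
    [$pepperId, $hash] = explode('$', $stored, 2);
    if (!isset(PEPPERS[$pepperId]) || !password_verify(prehash($password, $pepperId), $hash)) {
        return false;
    }
    if ($pepperId !== CURRENT_PEPPER || password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $upgraded = hashPassword($password);
    }
    return true;
}

// Usage: store $record in the users table; at login, replace it with $upgraded when set.
$record = hashPassword('correct horse battery staple');
var_dump(verifyPassword('correct horse battery staple', $record, $upgraded));
var_dump(verifyPassword('wrong password', $record));
```

A record written under `v1` still verifies after the switch to `v2`, and the login path receives a fresh `v2` record to store, which is how the old pepper is eventually retired.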
