CDA Software takes security seriously, and for that reason, we host your software on the Azure cloud platform. All communication end-points from your CDA application to the Azure database are done via Hypertext Transfer Protocol Secure (HTTPS). This means both end-points are encrypted. More importantly, when you start using CDA Software, you create your own secure Azure account that will only host your database files. We do not share your unique database with other companies.
Since you own your own Azure hosting cloud platform, no CDA employee or any of your employees will ever have access to your Azure account unless you authorize them.
Security is integrated into every aspect of Azure. Azure offers you unique security advantages derived from global security intelligence, sophisticated customer-facing controls, and secure, hardened infrastructure. This powerful combination helps protect your applications and data, support your compliance efforts, and provide cost-effective security for CDA hosted organizations of all sizes.
Azure Security Center helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
CDA Software takes security seriously, and for that reason, we have selected Stripe as our main payment gateway for all credit card transactions. Credit Card transactions can be processed on both the desktop and mobile applications of CDA v.10.
All credit card transactions that are processed on the desktop or mobile application are done using TLS 1.2. (Encrypt and verify the integrity of traffic between the client and your server - Verify that the client is communicating with the correct server. In practice, this usually means verifying that the owner of the domain and the owner of the server are the same entity. This helps prevent man-in-the-middle attacks. Without it, there’s no guarantee that you’re encrypting traffic to the right recipient).
Each company that signs up for a CDA Software account creates their own unique Stripe account. After a customer has created their own Stripe account, they will share with us an API Key provided by Stripe. This Stripe API Key is unique to you and allows us to securely process a credit card request on your behalf. At no time will any employee of CDA Software have access to your Stripe account.
After a credit card is successfully processed by Stripe, we will post this information to your Claim number that was requesting payment be made. CDA Software will never store a customer’s full credit card record. We only store the amount charged, credit card type, and authorization number of payment charged.
Anyone involved with the processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.