Functionality - Security of the system and protection of MA's and club's info from unauthorized users?

​Access to Curling I/O is primarily with passwordless social sign-in (e.g. Google, Facebook,
Hotmail) using a single-use token authentication. This reduces the risk posed by weak
passwords, and makes Curling I/O far more secure than most web applications. Added
advantage: users don't have to remember another password!

As for the physical servers themselves, besides residing behind heavily encrypted firewalls, they are locked down to PKI (Public Key Infrastructure) only access for a very small number of people (i.e. development/hosting staff) who can even touch the database and servers.

As for financial security (i.e. Stripe transacting),​ ​Stripe​ (the payment processor for Curling​ ​I/O​) requires some banking and personal information (as per 2.a​ of their Services​ ​Agreement​) in order to deposit your revenues correctly and to verify your identity as a merchant (according to federal money laundering laws). That may involve name and date of birth, but also any one of these IDs: Driver's​ ​License​, Passport​, or SIN​. Worried about privacy? Understood: Clubs​ ​and​ ​MAs can​ ​now​ ​directly​ ​set​ ​up​ ​their​ ​own​ ​Stripe​ ​accounts​ ​in​ ​Curling​ ​I/O​ without needing to provide Curling​ ​Canada​ with that personal/financial information. This integration is direct, secure, and encrypted. No middleman.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Please sign in to leave a comment.