This document describes the data security environment for ConnectionPoint systems.
This environment applies to our crowdfunding applications including:
It also applies to the underlying crowdfunding-as-a-service infrastructure used under contract by
ConnectionPoint whitelabel partners.
Overview
ConnectionPoint takes the security, preservation, and privacy of our customers’ data very seriously. It is
our intention not only to adhere to applicable data privacy laws in Canada and America but to go
beyond that with best practices from other regions, such as the European Union’s GDPR regulations. We
publish and communicate our data privacy policy to our customers in links from our website pages and,
on request, in a written and dated document.
To achieve these goals, we manage these aspects of our systems:
• Computing infrastructure
• Data storage locations
• Data encryption
• Data access controls
• Employee access
• Customer access
• Credit card data protection
• Payment transaction data flow
Each of these aspects will be discussed in more detail below.
Computing infrastructure
We host our compute servers with Amazon Web Services (AWS) at locations in Quebec in Canada and
North Virginia in America. By leveraging the investments AWS has made in physical security and data
availability, we can provide very high levels of data protection at low cost.
These benefits include:
• Generator backup of all electrical systems, intended to cover extended periods of electrical
outages from natural disasters such as hurricanes, tornadoes or floods.
• Armed physical building security at the data server locations to prevent malicious attacks from
disgruntled persons or even terrorists.
• Network intrusion detection and denial-of-service attack counter-measures.
We follow AWS best practices in building our applications that use their data services and enjoy the
many benefits they provide.
AWS is widely admired for their commitment to data security and privacy. They provide extensive
documentation on their security practices on their website.
Data Storage Locations
We store application and customer data in two AWS data centers. Data for customers who prefer
storage within Canada is stored in the facility in Quebec. Data for other customers is stored in North
Virginia.
Data Encryption
Data stored within the databases is encrypted. Even if the database itself were copied and removed from
our facilities, it could not be read without our secret access keys. Access to these keys is restricted to key
employees of ConnectionPoint who commit to their protection via signed employee data confidentiality
agreements.
Data Access Controls
Internet access to our database servers is very tightly controlled. Only machines communicating from a
short whitelist of known locations (as defined by their IP addresses) are permitted access to the data.
These known locations correspond to the ConnectionPoint offices and specific machines in possession of
our CEO and CTO. All communication with our computing and database servers is over secure IP
protocols such as SSL and HTTPS.
All other access to the data is managed through our application compute servers. Our applications
enforce rules that control access, i.e. who can view data and which data each individual is allowed to load.
Employee Access
ConnectionPoint employees are required to sign data confidentiality and protection agreements.
Employees are restricted in what data they are allowed to access and are granted access only to data
they need to perform their jobs.
Employee login access to our control systems, such as managing the AWS environment or accessing our
application master accounts at Facebook, LinkedIn, Google, PayPal, WePay, Stripe, etc., is protected by
two-factor authentication. This means that accessing one of our systems using an employee’s account
requires not only an identifier and password but also access to a code generator on the employee’s mobile
phone, which creates a unique identification number for each access attempt, or to a text-back service
that sends a unique, time-limited identifier to the employee’s phone.
Customer Access
ConnectionPoint customers, after logging in, can access their donor and contribution information
through secure web pages on our sites. Customers can grant their employees and volunteers various
levels of access. This provides very granular levels of control over who can see and access donor
information. The chart below is copied from within our application and shows these levels.
Customers in the Owner or Manager role can download all donor and contribution information into CSV
or XLS files. These files are transmitted over encrypted channels to the user’s device to prevent
interception while transiting over the network.
An important point from the chart above is that Promoters (either staff members or volunteers) can
securely upload their own contact lists to the system. The Promoter can then send an email to the
members of this list prompting them to support the campaign. Only those contacts that proactively
“opt in” to receiving information from the organization are copied into the organization’s records. This
is in compliance not only with anti-spam legislation such as CASL but also with best practices for
preserving personal privacy such as the European Union’s GDPR and California’s CCPA.
Credit Card Data Protection
ConnectionPoint does not store credit card data. This is done very intentionally to eliminate the
potential for a security breach either through internal employee malfeasance or by internet hacker
attacks. We work with payment processing partners who offer mechanisms for us to process payment
transactions without requiring us to manage the card data. With this approach we can rely on the
payment processors’ highest levels of Payment Card Industry (PCI) data security compliance without
having to implement these costly procedures ourselves. Despite this approach, we still follow PCI
compliance standards ourselves as best practices for maintaining customer data security.
Payment Transaction Data Flow
The payment processing industry is complex and intentionally obscure. This next section will explain
how data security is maintained as payments are processed by ConnectionPoint in cooperation with our
partners PayPal, Stripe and WePay.
There are three main flavors of payment transactions:
1) Payments via credit cards
2) Payments via bank transfers
3) Payments via a PayPal account
ConnectionPoint processes all three types of transactions via one or more of our three payment
processing partners, depending on the preferences of our customer. In addition, we can also process
transactions using a PayPal account. These will be discussed separately.
Credit cards via Stripe or WePay
Processing credit cards requires a donor to enter their name, billing address, credit card number, expiry
date and CVV number into an online form. When paying with Stripe or WePay, this form is hosted on the
ConnectionPoint product page. The contents of the form are encrypted and delivered to the donor’s
browser using Secure Sockets Layer (SSL) technology. This encryption is done in case hackers are
monitoring traffic on the wireless network and trying to intercept this important data.
The data entered into this form is encrypted and “tokenized” to make it harder to intercept and then
sent from ConnectionPoint’s servers to the payment processor’s Application Programming Interface
(API) over SSL. The payment processor creates a transaction requesting payment that is securely
transferred to the credit card Interchange Network, the massive global system run by the banks and
credit card processing companies. The bank or credit card company that issued the credit card checks
the availability of credit on the card and, if the transaction is approved after the appropriate anti-fraud
security checks, debits the card for the value of the transaction. The completed transaction
confirmation message is returned via the Interchange Network, and the payment processing account of
ConnectionPoint’s customer is credited with the value of the transaction less any agreed-upon
processing fees. It is important to note that at no time in this process did ConnectionPoint hold or have
access to the value of the transaction.
Bank payments via Stripe or WePay
When using Stripe or WePay it is possible for customers in the US to enable their account such that a
donor can elect to pay via a bank card. When this is turned on an additional option of Pay by bank is
provided at checkout. Clicking on this link opens a new window containing a secure webpage on the
WePay or Stripe systems. There, the donor is prompted to search for their bank, securely log in to the
bank’s payment system, select the account to fund the payment and confirm the transaction. On the
successful completion of the transaction the donor is returned to the campaign page and prompted for
any additional tax receipt information that has been requested by the campaign. At no time in this
process are the details of the bank account shared with ConnectionPoint or made visible outside of the
bank’s secure website.
Paying with PayPal
When paying via PayPal as the payment processor the process is slightly different. When the donor
clicks to confirm they want to make a contribution, they are transferred to a secure PayPal webpage.
There, they are prompted to log into their PayPal account with their email and PayPal password to
complete the transaction. They can select any of the funding sources attached to the PayPal account
including previously registered credit cards, connected bank accounts or even a PayPal account balance.
If they do not have a PayPal account, they click on a Pay as a guest option which prompts them for their
credit card information as described above. On successful completion of the transaction, they are
returned to the campaign page and prompted for any additional tax receipt information requested by
the campaign. At no time are the internal details of the funding payment account (such as the bank
account number, credit card number or even credit card type) shared with ConnectionPoint.
Recurring Payment Transaction Data Flow
As mentioned above, ConnectionPoint does not store credit card data. This complicates the process of
securely managing recurring payments and pledge payments, i.e. payments made conditionally on the
achievement of certain future objectives. By working in collaboration with our payment processors we
have a good solution to this problem.
To enable the processing of these types of payments, contributors are prompted during the payment
processor portions of the payment workflows to pre-authorize future payments. If the contributor
grants the authorization, ConnectionPoint is provided with a secure “token” which we store in our
database. At the appropriate times in the future when we want to process a recurring payment or
pledge payment, we submit the token to the payment processor instead of the contributor’s payment
card data. Presenting this token authorizes the payment processor to create a transaction according
to the parameters the contributor agreed to (i.e. the value and frequency of the contribution), and the
transaction is executed using the Interchange Network.
This process is very secure because even if the preauthorized tokens are stolen from our database, they
cannot be used by anyone other than ConnectionPoint, nor for any beneficiary other than the
organization originally identified as the recipient of funds in the authorization transaction.
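The card-tokenizing flow in the Credit cards section and the recurring-payment tokens described just above rest on the same two properties: the platform stores an opaque token rather than card data, and the token is honoured only for the merchant it was issued to and the beneficiary named when it was created. The following Python model is added here to make both properties concrete; it is not ConnectionPoint’s code nor any payment processor’s API. The Processor class stands in for the processor’s vault, the merchant and beneficiary identifiers and the 4242… card number are constructed sample values, and the binding checks are this example’s own design for the behaviour the text describes. It also adds a Luhn-based guard that runs before any database write, a check a practitioner uses to catch a card number that is about to be stored by mistake.

```python
import secrets
from dataclasses import dataclass, field


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers. Used here only to spot a primary
    account number (PAN) that is about to be persisted where it must not be."""
    if not digits.isdigit() or not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def assert_no_card_data(record: dict) -> None:
    """Guard run before every write to the platform database (or a log line):
    refuses known card field names and any value that passes the Luhn check."""
    for key, value in record.items():
        if key.lower() in {"number", "pan", "cvv", "cvc"}:
            raise ValueError(f"refusing to store card field {key!r}")
        if isinstance(value, str) and luhn_valid(value.replace(" ", "")):
            raise ValueError(f"value of {key!r} looks like a card number")


@dataclass
class Processor:
    """Stand-in for the payment processor's vault (constructed for this example)."""
    vault: dict = field(default_factory=dict)

    def tokenize(self, merchant_id: str, beneficiary_id: str, card: dict) -> str:
        # Called from the donor's browser: the card details go only to the processor,
        # which keeps them and hands back an opaque token bound to merchant and beneficiary.
        token = "tok_" + secrets.token_hex(8)
        self.vault[token] = {"merchant": merchant_id, "beneficiary": beneficiary_id,
                             "last4": card["number"][-4:]}
        return token

    def charge(self, merchant_id: str, beneficiary_id: str, token: str, amount_cents: int) -> dict:
        entry = self.vault.get(token)
        if entry is None:
            raise PermissionError("unknown token")
        if entry["merchant"] != merchant_id:
            raise PermissionError("token was not issued to this merchant")
        if entry["beneficiary"] != beneficiary_id:
            raise PermissionError("token is bound to a different beneficiary")
        return {"status": "succeeded", "amount_cents": amount_cents,
                "beneficiary": beneficiary_id, "card_last4": entry["last4"]}


class MerchantServer:
    """The crowdfunding platform: stores tokens and pledge terms, never card data."""

    def __init__(self, processor: Processor, merchant_id: str):
        self.processor = processor
        self.merchant_id = merchant_id
        self.pledges: dict = {}

    def save_pledge(self, pledge_id: str, token: str, beneficiary_id: str, amount_cents: int) -> None:
        record = {"token": token, "beneficiary": beneficiary_id, "amount_cents": amount_cents}
        assert_no_card_data(record)
        self.pledges[pledge_id] = record

    def collect(self, pledge_id: str) -> dict:
        # A later recurring or pledge payment: the token stands in for the card data.
        p = self.pledges[pledge_id]
        return self.processor.charge(self.merchant_id, p["beneficiary"], p["token"], p["amount_cents"])


def demo():
    proc = Processor()
    platform = MerchantServer(proc, "merchant_platform")
    # Constructed donor card; 4242... is a Luhn-valid test number, not a real account.
    token = proc.tokenize("merchant_platform", "org_foodbank",
                          {"number": "4242424242424242", "cvv": "123", "exp": "12/30"})
    platform.save_pledge("pledge_1", token, "org_foodbank", 2500)
    receipt = platform.collect("pledge_1")

    outcomes = {}
    # A token taken from the platform database is useless elsewhere.
    try:
        proc.charge("merchant_other", "org_foodbank", token, 2500)
    except PermissionError as e:
        outcomes["other_merchant"] = str(e)
    try:
        proc.charge("merchant_platform", "org_other", token, 2500)
    except PermissionError as e:
        outcomes["other_beneficiary"] = str(e)
    # The guard refuses a record that would put a PAN into the database.
    try:
        platform.save_pledge("pledge_2", "4242424242424242", "org_foodbank", 100)
    except ValueError as e:
        outcomes["pan_guard"] = str(e)
    return receipt, outcomes


if __name__ == "__main__":
    print(demo())
```

The point of the model is where each piece of data lives: the vault holds the card, the platform holds a token plus the pledge terms, and a charge request has to name the same merchant and beneficiary the token was created for. The guard belongs in the same place in a real system, in front of the database and the log writer, because an accidental PAN in an error log is the commonest way a “we do not store card data” claim quietly stops being true.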
Summary
ConnectionPoint cares deeply about the security of our customers’ information and the integrity of our
payment processing activities. We have implemented industry best practices to help us achieve a very
high level of security. However, we are always interested in further improvements to our system and
welcome feedback on perceived vulnerabilities and suggested enhancements.