Secure Payment Processing Statement

Last Updated: 15.02.2025

1. INTRODUCTION

This Secure Payment Processing Statement outlines how Dargslan s.r.o. ("we," "us," or "our") handles payment processing for e-book purchases on our website https://www.dargslanpublishing.com (the "Website"). We prioritize the security of your payment information and have implemented robust measures to ensure safe transactions.

This statement describes our payment processing methods, security standards, and protective measures designed to safeguard your financial information when purchasing our digital products.

2. PAYMENT PROCESSOR

2.1 Stripe Integration

We use Stripe, a leading global payment processor, to handle all financial transactions on our Website. When you make a purchase:

  • Your payment information is collected and processed directly by Stripe
  • Your payment details never touch our servers
  • The transaction occurs through Stripe's secure infrastructure

2.2 Stripe's Security Credentials

Stripe maintains the highest security standards in the payment industry:

  • PCI Service Provider Level 1 certification (the most stringent level)
  • Certified compliance with international security standards
  • Regular security audits and penetration testing
  • Advanced fraud detection and prevention systems

For more information about Stripe's security measures, you can visit Stripe's Security Page.

3. PCI DSS COMPLIANCE

3.1 Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure all companies that accept, process, store, or transmit credit card information maintain a secure environment.

3.2 Our PCI DSS Compliance Approach

We maintain PCI DSS compliance through:

  • Utilizing Stripe's PCI-compliant payment processing system
  • Implementing a "payment flow" where sensitive card data is handled directly by Stripe, not our servers
  • Following the PCI DSS SAQ A (Self-Assessment Questionnaire A) for merchants who completely outsource payment processing
  • Regular validation of our compliance status

3.3 Cardholder Data Environment

We employ a "No Cardholder Data Environment" approach, meaning:

  • We never store, process, or transmit full credit card numbers
  • The entire payment process occurs within Stripe's secure environment
  • Only non-sensitive transaction identifiers are stored in our system

4. TRANSACTION SECURITY MEASURES

4.1 Encryption

All payment transactions are protected by multiple layers of encryption:

  • TLS (Transport Layer Security) encryption for all data transmission
  • HTTPS protocol for all Website interactions
  • End-to-end encryption of payment details
  • Encrypted storage of any transaction records

4.2 Secure Checkout Process

Our checkout process incorporates several security features:

  • Seamless redirect to Stripe's secure payment environment
  • Real-time transaction verification
  • Multi-stage validation checks
  • Automatic session timeouts for inactive checkout pages

4.3 Authentication Methods

We support secure customer authentication methods:

  • 3D Secure (3DS) for applicable card payments
  • Two-factor authentication when available
  • Address Verification Service (AVS)
  • Card Verification Value (CVV) requirements

5. FRAUD PREVENTION

5.1 Fraud Detection Systems

We employ multiple fraud detection measures:

  • Stripe's machine learning-based fraud detection tools
  • Suspicious transaction monitoring
  • Anomaly detection for unusual purchasing patterns
  • IP address verification
  • Device fingerprinting to identify suspicious devices

5.2 Transaction Monitoring

All transactions are monitored for:

  • Unusual purchase amounts
  • Multiple failed payment attempts
  • Mismatched billing information
  • Purchases from high-risk locations
  • Velocity checks (numerous transactions in short periods)

5.3 Dispute Management

We have implemented a structured process for managing payment disputes:

  • Prompt notification of chargeback claims
  • Efficient evidence collection and submission
  • Systematic dispute resolution procedures
  • Regular review of dispute patterns to improve security

6. DATA RETENTION FOR PAYMENT INFORMATION

6.1 Limited Data Storage

In accordance with our Data Retention Policy:

  • Full payment card details are never stored on our systems
  • We store only limited transaction data necessary for order fulfillment and customer service
  • Transaction identifiers from Stripe are stored securely
  • Retention periods for transaction records comply with legal and financial requirements

6.2 Secure Handling of Transaction Records

Any transaction records we maintain are:

  • Stored in encrypted databases
  • Accessible only to authorized personnel
  • Protected by multi-factor authentication
  • Regularly audited for security compliance

7. INTERNAL SECURITY CONTROLS

7.1 Staff Access Controls

We implement strict controls on internal access to payment systems:

  • Role-based access control (RBAC) for all payment-related functions
  • Principle of least privilege for staff permissions
  • Multi-factor authentication for administrator access
  • Comprehensive audit logs of all system access

7.2 Staff Training

All staff members with access to any payment-related systems receive:

  • Regular security awareness training
  • PCI DSS compliance education
  • Fraud detection training
  • Security incident response procedures training

7.3 System Security

Our systems are protected by:

  • Next-generation firewalls
  • Intrusion detection and prevention systems
  • Regular vulnerability scanning and patch management
  • Scheduled security assessments and penetration testing

8. CUSTOMER PROTECTION

8.1 Purchase Protection

When you make a purchase through our Website:

  • Your transaction is protected by Stripe's buyer protection policies
  • Detailed receipts are provided for all transactions
  • Transaction records are maintained for support purposes
  • Our customer service team is available to assist with any payment issues

8.2 Transparent Billing

All charges on your statement will clearly identify:

  • Our business name
  • The transaction amount
  • The date of purchase
  • A reference number or description of the purchase

8.3 Customer Notifications

We provide notifications for:

  • Successful purchases
  • Failed payment attempts
  • Subscription renewals (if applicable)
  • Changes to payment methods or billing information

9. MOBILE PAYMENT SECURITY

For purchases made through mobile devices:

  • Our mobile checkout is optimized for secure transactions
  • Mobile-specific security features are implemented
  • Device authentication options are leveraged when available
  • Simplified but secure payment flows are provided

10. INTERNATIONAL TRANSACTIONS

For international payments:

  • Multiple currencies are supported through Stripe
  • International card processing standards are followed
  • Region-specific authentication methods are implemented where required
  • Local payment methods are supported where appropriate

11. INCIDENT RESPONSE

11.1 Security Breach Protocol

In the unlikely event of a payment security incident:

  • We have a documented incident response plan
  • Affected customers will be notified promptly
  • Appropriate authorities will be informed as required by law
  • We will cooperate with Stripe on any necessary investigations

11.2 Continuous Monitoring

Our payment systems are continuously monitored for:

  • Suspicious activities
  • Unauthorized access attempts
  • System vulnerabilities
  • Performance issues that might indicate security problems

12. CUSTOMER RESPONSIBILITIES

To ensure maximum payment security, we recommend customers:

  • Use strong, unique passwords for their account
  • Keep their device operating systems and browsers updated
  • Verify they are on our authentic Website before entering payment information
  • Never share account credentials or payment details
  • Contact us immediately if they suspect unauthorized transactions

13. CHANGES TO THIS STATEMENT

We may update this Secure Payment Processing Statement from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date at the top of this statement.

14. CONTACT INFORMATION

If you have questions about our payment security practices or need assistance with a payment issue, please contact us at:

Dargslan s.r.o.

Attn: Payment Support

1260/51 Sportova, Dunajska Streda, Trnava 929 01 Slovakia

Email: info@dargslan.com

Support Hours: 9:00 - 15:00 CET