We do not capture or store your banking information on our systems. It is encrypted in your browser and sent directly to our payments processor, Stripe. Here is Stripe's security page, where they explain to their customers (like us) how they ensure the security of payments data. To summarize:
- Stripe is audited by an outside PCI-certified auditor and is certified to "PCI Service Provider Level 1" – the most stringent level of certification available in the payments industry
- all transmissions between your browser (and our systems) and Stripe use HTTPS with TLS. TLS encrypts and verifies the integrity of traffic between your browser and the server, and also verifies that you are communicating with the correct server (ie, you aren't being deceived by a "man in the middle" attack)
- all payment-related data is encrypted while stored at Stripe, and the services related to encryption/decryption, transmission, and storage of personal financial information is isolated from their public network interface
Stripe has a very robust security infrastructure and is trusted by hundreds of thousands of companies, including Lyft, TaskRabbit, and Slack. Here's more.
While our employees have information about whether your bank account has been verified, they can only see the last four digits of your account number.