Data Privacy and Splitit’s Commitment to Protecting Personal Data

Last updated January 2024

Your Personal Data, Our Priority: How Splitit Ensures Privacy and Security

As online activity increases, so does online vulnerability – which makes data protection, privacy, and security one of the most important considerations for businesses.

From crippling breaches to consumer concerns about data harvesting, privacy and security are crucial for business continuity and brand integrity. The way that companies handle data impacts everything from legality to reputation – 79% of Americans report that they’re concerned about the way companies are using their data.

Read on to learn about how Splitit makes personal data our priority, with details on how we approach compliance and innovation to ensure we’re treating our customers’ data with the highest level of care and protection.

The Significance of Personal Data Protection

Most countries have data protection and privacy laws that businesses must comply with regarding customer data, including GDPR in the EU and CCPA in California. Failing to meet data protection and privacy regulations in the regions that your business operates in can have severe legal implications.

Of course, data protection is incredibly important for many reasons beyond legal compliance – it defines your business’s integrity and affects customer loyalty and brand reputation.

66% of consumers say they’re unlikely to engage with a business that has had a data breach that impacts financial or sensitive information. Beyond reputation, data breaches can cause extreme financial issues – the average cost to a company for a data breach is estimated to be around $4.24 million.

Data breaches can be devastating for a company – at a minimum, they affect brand image. At its worst, a data breach can lead to legal action, investigations, and fines. All of these elements can impact stock prices and, in some cases, cause businesses to fail completely.

Common Data Privacy Challenges Faced by Brands

There are many points in the customer journey where data is captured, transferred, processed, and stored. All of this movement makes data vulnerable, as at each stage it is at risk of being intercepted or lost.

In order to safeguard personal data, companies need to closely examine the protective measures they have in place at each level of vulnerability.

Data transfer

After customer data has been captured on a website, it is sent to a number of places over the Internet, such as payment providers, shipping services, and other third-party organizations that help support an order.

In order to protect data while it is being transferred, brands should employ data encryption methods. When data is encrypted, it is packaged and locked in a way that ensures a potential threat that accesses or intercepts it can’t read or use it. Effective data encryption methods include:

  • An SSL certificate, which encrypts data to secure it and prevent it from being intercepted between browsers and servers
  • The HTTPS protocol, which encrypts user data to safely deliver it from a web browser to the company website, and vice versa
  • Sending information via a Virtual Private Network (VPN)

Securing data

When data is being stored, it is still vulnerable to people who are looking to find ways to access the storage system. This might be through stealing passwords, hacking into the physical machine that stores the data, or breaking into the database and copying data. In order to prevent stored data from being stolen, companies should:

  • Encrypt customer data until it is needed
  • Encourage strong password protocols
  • Implement physical security measures to prevent unauthorized people from being in a high-security area
  • Implement internal access controls, such as two-factor authentication and authorization hierarchy

Data loss

Data loss causes major issues for organizations and can result in legal implications. There are many reasons data can be lost, from human error and physical damage to servers and drives to malicious ransomware attacks. To protect themselves and their customers from data loss, businesses should ensure they have:

  • Reliable backups of encrypted data
  • Accessible data solutions (such as cloud-based platforms)
  • A business continuity plan that covers data breaches, natural disasters, and other unprecedented events

Splitit’s Approach to Data Privacy

We are fully committed to protecting and prioritizing personal data – for us, this takes shape in a variety of ways.

We adhere to the highest level of PCI compliance, as outlined by the DSS, which is the Data Security Standard from the Payment Card Industry Security Standards Council. This involves a complex suite of compliance requirements, which include:

  • Building and maintaining a secure network
  • Protecting cardholder data
  • Maintaining a vulnerability management program
  • Implementing strong access control measures
  • Regularly monitoring and testing our networks
  • Maintaining an information security policy

We also adhere to global data security standards, and we are GDPR and CCPA compliant.

In terms of customer data, we don’t ever share information with third-party platforms for marketing purposes – customer data remains contained, which means customers don’t need to worry about their information being used by external marketing platforms and you don’t have to worry about data being harvested for your competitors.

Once their plan has been paid off, customers can also contact our support team at any time to have their information deleted.

What Sets Splitit Apart

We put privacy at the forefront of our processes and strategies, to ensure that you and your customers can feel confident and protected. This takes shape in the way we approach data security and consumer protection.

87% of consumers believe that companies need to be more transparent about how they use their data, which is why, unlike many legacy BNPL platforms, we never provide customer data to third-party platforms for marketing purposes. Customers can rest assured that their data is contained, and you never have to worry that we’re sharing your customer information with competitors.

From a security standards perspective, we use the most innovative technologies to bolster our data protection strategy, including:

  • Data Encryption Keys (DEKs) and Key Encryption Keys (KEKs) that are encrypted with the AES256 algorithm, and a Master Key that is encrypted with the RSA1024 algorithm
  • 128-bit SSL
  • Web Application Firewall to protect against threats
  • File integrity products to detect potential malicious file access
  • Rigorous intrusion detection systems
  • Continuous monitoring and analysis of security alerts and information
  • 2-factor authentication for remote access
  • Anti-virus software deployment on all systems potentially vulnerable to malicious software
  • Access to information limited to individuals whose job role requires it

User-Friendly Experience and Privacy

Data privacy is built into the Splitit experience – for us, a more contained process is a more secure process.

During the checkout process, customers only enter minimal information. Because Splitit operates with their existing credit card, there’s no need to take out additional financing or apply for another line of credit. This reduces the complexity of their application and the need for various third-party platforms.

Throughout the checkout experience, we encourage you to provide your customers with access to information about data and privacy and ensure you update your site with content that reassures and informs your customers about privacy and security.

Our customer service team is also available to answer questions about data, privacy and security that you or your customers may have.

Continuous Improvement

We know the ecommerce industry changes at a rapid pace, and we are committed to staying one step ahead with our privacy and security standards.

We adhere to the latest PCI-DSS standards and are committed to maintaining this certification. Our team is constantly monitoring the data protection landscape and looking for opportunities to improve and innovate to make sure we are delivering the best and most secure experience for our customers.

There’s no question that data protection should be a priority for every business – and not just because it’s the law. Customers are looking for companies that not only protect their data, but also treat it with the respect it deserves, which means a rigorous data protection strategy is key to supporting your brand reputation and business integrity.

At Splitit, we’re committed to adhering to the latest compliance standards and implementing the most innovative and rigorous data protection practices across all levels of the customer experience.

Our customers can rely on us to provide the most secure installment payment experience, and to keep their data private long after they’ve left the checkout. Get in touch with us to learn more about how we can support your commitment to data protection and security.