A matter of security

A few people have raised concerns recently about putting their credit card information online when making their first appointment. I totally understand- my debit card was just “compromised” for the first time last month, and with the Heartbleed thing going on we’re all a little paranoid. Here’s what info I can pass along about the websites I use for booking.

FullSlate has a few mentions on their website about their security- here are three links (one two three, and also their HIPAA statement). They don’t go into much detail though, so I contacted FullSlate directly and this was their response to me:

“If you and your clients were worried about the recent Heartbleed scare, rest assured all is well. Full Slate does not use the version of OpenSSL that contained the Heartbleed security bug. As a result, your passwords and other information were not exposed by Heartbleed.
Full Slate employs the following technological safeguards: client information is transferred using 168-bit SSL encryption; accounts require secure login with minimum password length enforcement; the production environment is protected by stand-alone firewalls with access limited to authorized personnel via encrypted channels; and offsite backups are made daily and stored in an encrypted state.”

Now, FullSlate isn’t the site that actually holds your credit card info- the payment processor I use is called Stripe. Their website has this info about their security, and their FAQ addresses it as well – they are super serious about security!

They were, however, affected by Heartbleed (along with most of the internet)- and they blogged about it here: https://stripe.com/blog/heartbleed It looks like they were able to fix the problem before it became a BIG problem.

I have followed their advice and created a brand new password for the site and enabled two-step verification. I have no idea what an API key is, but they should be contacting me soon to help with that.

So that’s where we stand with security. If you still are not comfortable with putting your credit card info online, we have two other options:

1. You can prepay for your appointment with your credit card over the phone (I will manually run your credit card info through Square, which is what I use to process credit cards in-office)
2. You can prepay for your appointment using PayPal (my email with them is info@sonialmt.com)

Hopefully this will help assuage any fears you may have regarding my policy. Please get in touch if you have any other questions or concerns!