Security Information from Liturgical Publications Inc.
WeShare is a product and service developed and supported by Liturgical Publications, Inc. LPi). LPi is a privately held organization that has been in business for 43 years servicing the Catholic Church and various other religious and non-profit organizationally, primarily through printing of their bulletin. In 2011 we began offering WeShare to facilitate the process of supporters leveraging technology to financially support their Church (or non-profit organization). In that time we have never been the victim of a successful hacking attempt. We undertake two annual security certifications. We are and maintain a level 1 certification of PCI compliance http://usa.visa.com/merchants/protect-your-business/cisp/merchant-pci-dss-compliance.jsp. We also annually have SOC I Type II audit https://www.ssae-16.com/category/ssae-16-type-ii/ which measures our compliance with controls designed to prevent theft and to ensure donor money is sent to the church (or non-profit) they intended. Due to our level 1 PCI certification, in the unlikely event of a successful hacking event, you will have no exposure as a result of the incident. LPi will ensure you are reimbursed to the fullest extent of the law if LPi is found to be the source and responsible for the breach. We are fully insured for such events.
We take our responsibility to our church/non-profit customer, their donors and supporters and the general public very seriously. We are constantly reviewing our processes and procedures to ensure you can maintain confidence that your data is secure with LPi. In each of the high profile hacking events, the breach occurred at the Point of Purchase device (card swipe) process. As our process is more akin to a purchase at Amazon.com than a purchase at a Target Department Store, we don’t have the same type of exposure retailers with card readers have. For more information about LPi please visit lpi.com.
We protect your data
All data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.
Sophisticated physical security
Our state-of-the-art servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches.
Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network, which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we work with security researchers to keep up with the state-of-the-art in web security.
Full redundancy for all major systems
Our servers — from power supplies to the Internet connection to the air purifying systems — operate at full redundancy. Our systems are engineered to stay up even if multiple servers fail.
We protect your billing information
All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant Network. Our attestation of compliance can be found here. We also conduct an annual SSAE-16 SOC 1 audit of all our Financial Controls and IT General Controls. Copies of this audit are available upon request.