How secure is your payment system?

It is secure.

We delegated our payment handling to Stripe, one of the most widely used companies for handling payments over the internet. We set everything up so that your payment details never ever touch our own servers. This separation of resources is the key security feature.

Stripe has been audited by a PCI-certified auditor, and is certified as a PCI Service Provider Level 1. This is the most stringent level of certification available.

All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers. They can only request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting infrastructure and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).

You can check more of their security measures here: https://stripe.com/help/security.