About Payments

Are web traffic and requests encrypted?

Yes. Traffic and requests are always encrypted, all the way through:

  • from your browser, to the CDN
  • from the CDN, to Nonna's Pantry origin server
  • from Nonna's Pantry origin server, to the payment processor Square

How does nonnapantry.com take payments at checkout?

We allow customers to pay for orders via payment gateways:

  • A manual payment gateway, such as Cash On Delivery (C.O.D.), collects customer information, then provides details for Local Pick-Up or Delivery.
  • An automatic payment gateway securely requests information from customers and relays it to a third-party payment processing service (Square).

The automatic payment gateway allows our Payment Processor to:

  • Verify the customer’s billing information
  • Verify if funds are available
  • Transfer funds from the customer to us
  • Send confirmation of payment back to nonnapantry.com

Manual payments have far fewer security concerns than automated, instantaneous payment methods.

Does nonnapantry.com retain customers’ credit card information?

No, your credit card number and security code are never stored on our website. The payment gateway gives this sensitive information directly to the payment processor. Credit card data never enters or passes through our website’s database.

Tokenized payment methods can be used for convenience in future purchases by the logged-in customer. Credit card tokens store the last four digits of a card, the card brand/type, and its expiration date, mostly so the customer can identify which token is for which card.

How secure is tokenization?

Extremely. With tokenization, your actual credit card information is stored on the servers of the payment processor. The only data saved on our site is in the form of a string of characters called a token. These tokens are designed to be useless outside the precise context they’re created for.

Tokens are super-specific: specific to the customer, specific to the website, specific to the payment gateway’s payment processor, and specific to the merchant account with that processor. If any of those factors doesn’t match exactly, the token won’t work as a placeholder for a customer’s payment information.