How Bolt Protects Your Critical Payments Data


Trevir Nath

Content Manager


It can take retailers years to build a strong reputation that drives repeatable business and only a few weeks to destroy it. One sure-fire way to make this happen is to mishandle clients’ data. Today’s shoppers have no problem saying goodbye to their favorite products if a brand loses their password or sells their data. 

To get ahead of these challenges, merchants have partnered with Bolt to help safeguard shoppers’ valuable data and meet current and future compliance requirements. 

Here’s a brief overview of how Bolt’s data security and privacy systems work.

Why retailers need to take payment security seriously

We’ve seen data breaches become a growing trend as more commerce moves digital. Shoppers happily hand over their sensitive personal and payment information in exchange for the convenience of shopping from their couch. And the retailers, those who benefit from the data windfall, don’t go far enough to protect their customers—resulting in frequent hacks and potential reputational damage. 

In recent years, retailers have become no strangers to these horrible occurrences. Neiman Marcus recently warned 4.6 million customers about a breach that included their names, credit card numbers, and passwords. Before that, retailers like J. Crew and Office Depot issued similar statements. And the list, unfortunately, goes on. 

Most of the time, a breach will look the same. Names, passwords, usernames, and credit card information fall into the hands of a few bad actors. In response, the affected retailer issues a statement and quickly patches the vulnerabilities. Shoppers sit in panic, hoping that someone isn’t buying a new jet ski on their credit card. The end result for merchants is often costs and fines adding up to nearly $4.24 million.

But the long-term consequences can be even more costly than the fines themselves. A survey from Bolt and YouGov found that 75% of shoppers would have a negative perception of a brand after experiencing a fraudulent transaction. So, even though it is important to provide shoppers a speedy and streamlined checkout, convenience should never come at the expense of data security. Your reputation and sales depend on it. 

So how can merchants secure sensitive information and maintain shoppers’ trust?

Security at the heart of Bolt’s platform

Bolt was designed as the operating system for commerce, and we’ve built security into that system from the ground up.

As a result, retailers have trusted us to process payment information for tens of millions of shoppers buying billions of dollars in goods and services. They see that our systems uphold a high standard of data privacy, compliance, and security.

Privacy by Design

Privacy is not just a regulatory headache but a potential public relations nightmare. Remember that mishandling data can cost retailers millions of dollars in fines and even more in reputational damage. That is something no retailer can afford. 

This, of course, is why we prioritize privacy. We use a Privacy by Design approach in designing our technology and systems, meaning that payment data is protected across the Bolt ecosystem. We anticipate what types of attacks could happen and put in place preventative measures to ensure they don’t ever happen in reality. By embedding privacy in the design process, rather than tacking it on later, we can save our merchants from irreparable damage. 

For Bolt, Privacy by Design manifests itself in four steps: 

  1. We supply a clear and transparent privacy policy at the moment of purchase.
  2. We never sell your data, and only select internal groups can access it.
  3. We don’t ask for more than we need to process a transaction.
  4. We apply encryption and authentication to payments, test our systems for vulnerabilities, and provide end-to-end security. 

A compliance core

Compliance plays an equally important role in how we designed Bolt. There are several regulatory bodies that oversee merchants handling personal and payment information, and we comply with all of them. We also help our partner merchants meet those regulatory requirements. 

Among them are the Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

PCI DSS, in particular, is a set of security standards that merchants must comply with to accept Visa, MasterCard, and other major credit cards. The measures ensure merchants build and maintain secure networks, protect cardholder data, and implement strong access controls, among other security measures. 

Everything from our architecture to our administrative processes allows us to store and manage payment information according to this crucial regulation. But we take security a step further; we tokenize primary account numbers (PANs) and apply always-on Transport Layer Security (TLS) to protect shoppers’ data. 

We’re also compliant with data-privacy regulations, like GDPR and CCPA, that matter to businesses of all sizes. 

Learn more about how Bolt keeps our merchants and their shoppers protected. 

The life of a payment on Bolt

Let’s see how everything comes together with a simple example. 

When a shopper lands on a Bolt checkout page, they can rest easy knowing that their experience will be secure. Our three-tier system—privacy, compliance, and security—was designed with them in mind. And if shoppers are still apprehensive, they can read our privacy policy, found on every checkout page. It details how we collect, store, and handle the data a shopper inputs on our checkout pages. 

After a shopper hits pay, their financial information passes through Bolt’s tokenizing service. Think of this as a mask for credit card data. Instead of displaying the last four digits of a credit card number, we see letters and numbers in its place. So even if a breach occurred, the cybercriminal would only have access to randomized alpha-numeric data—which is meaningless. 

From here, we separate the shopper’s payment data from their personally identifiable information (PII). That way, we, or any bad actors, can’t connect a shopper’s name to their credit card.

The last step in keeping shoppers’ data safe is removing it from our platforms. We never store data on our systems for any longer than absolutely necessary. 
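The three steps above (tokenize the card number, keep payment data apart from PII, remove it after a retention period) can be sketched as follows. This is an added illustration, not Bolt's code: `TokenVault`, `checkout`, the `tok_` prefix, the fixed retention window and the in-memory storage are all assumptions.

```python
import secrets
import time


def luhn_ok(digits):
    """Luhn checksum, used to reject mistyped card numbers before storing."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


class TokenVault:
    """Hypothetical in-memory vault: the only place a PAN is ever held."""

    def __init__(self, retention_seconds):
        self.retention_seconds = retention_seconds  # assumed fixed window
        self._pans = {}  # token -> (pan, stored_at)

    def tokenize(self, pan, now=None):
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 12 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        # Random token: carries no information about the PAN it stands for.
        token = "tok_" + secrets.token_urlsafe(16)
        self._pans[token] = (digits, time.time() if now is None else now)
        return token

    def detokenize(self, token):
        return self._pans[token][0]  # raises KeyError once purged

    def purge_expired(self, now=None):
        now = time.time() if now is None else now
        expired = [t for t, (_, stored) in self._pans.items()
                   if now - stored >= self.retention_seconds]
        for t in expired:
            del self._pans[t]
        return len(expired)


def checkout(vault, orders, name, email, pan, now=None):
    """Order records keep PII plus a token; the PAN never reaches them."""
    token = vault.tokenize(pan, now)
    orders.append({"name": name, "email": email, "card_token": token})
    return token
```

Because the token is random rather than derived from the PAN, a copy of the order records alone yields names and tokens but no card numbers, and after `purge_expired` the token no longer resolves to anything.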

Continual security improvements 

The technology at the disposal of cybercriminals is continually evolving, so we must stay nimble to stave off potential future threats. For many of our merchants, this can look like anything from regular antivirus updates and system patches to major releases across our operating system. 

We put these measures in place to help merchants meet their compliance requirements and securely manage their shoppers’ valuable payments information, but ultimately, merchants are just as responsible for upholding the same standards to protect their customers. 

