Security Policy for the Transmission of Card Data

Dominican Bridge takes the protection of cardholder data seriously. This page describes the technical and organizational measures we apply to the transmission of card information.

Processor

All card payments are processed by AZUL, an authorized payment processor in the Dominican Republic. Card details are entered on a payment page hosted by AZUL on its own infrastructure. Dominican Bridge never receives, sees, or stores full card numbers, expiration dates, or CVV codes.

3D Secure authentication

Every transaction is authenticated through 3D Secure (Verified by Visa and MasterCard ID Check). The cardholder is required to confirm the purchase directly with the issuing bank before payment is authorized.

Encryption in transit

The entire site, including the checkout flow and the AZUL payment page, is served exclusively over HTTPS using TLS 1.2 or higher. HSTS is enforced. Data is encrypted in transit between the cardholder, the merchant, and AZUL.

PCI-DSS compliance

Because card data is captured directly by AZUL on its PCI-DSS certified payment page, Dominican Bridge operates under SAQ A scope. We do not store cardholder data on our servers or in our database. The only data we retain about a transaction is: order reference, last 4 digits of the card, authorization code, and amount.

Access controls

Administrative access to order data is restricted to authorized staff and protected by strong authentication. Server access is restricted by SSH key and firewall.

Incident response

In the event of a suspected security incident affecting cardholder data, we will notify AZUL and the affected cardholders without undue delay.