AR15Discounts.com Security and Fraud Mitigation

In the last year alone we’ve seen data breaches from Twitter, Marriott hotels, MGM Resorts and even Zoom, the online meeting platform trusted by companies and educational institutions around the world. Hackers and fraudsters are becoming more creative and more aggressive in their lawless behavior.

At AR15Discounts.com we take security very seriously. I’m not just a co-founder of the company, I’m also a programmer by trade and I’ve helped large companies from many industries including Energy, Agriculture, Finance and Retail deploy usable and secure websites. I’d like to tell you about what we’re doing to keep your data safe.

Our Internal Security Measures

There is no such thing as a one-stop-shop for security. Regardless of the industry, bad actors will happily utilize any number of attack vectors in order to compromise sensitive information. This is why we have a multi-layered approach to security.

1. Network Edge Protection

We utilize Cloudflare to manage DNS and create a barrier between our customers and bad actors before they even reach our server infrastructure. Trusted by tech giants such as IBM, Shopify and Zendesk, Cloudflare is uniquely positioned to learn from high profile attacks and quickly deploy mitigation techniques to the rest of their 58,000 customers.

Key Features:

  • Deep Packet Inspection, covering applications / Layer 7 – Protection from SQL injection, cross-site scraping attacks and thousands more.
  • Full stack DDoS protection
  • Automated Learning > Security Driven Research > Virtual Patching – Protects against zero-day vulnerabilities or new threats with patches automatically deployed by the Cloudflare security team.
  • IP Reputation Database Integration – Real-time intelligence on over 1 billion unique IPs used to block malicious traffic.

Click here to learn more about Cloudflare security.

2. Credit Card Security

This part might be the simplest. We utilize Authorize.net, one of the largest Processing Gateways in the world.

We integrate with them in a way that ensures a customers’ full credit cart number never actually hits our servers. Instead, when you enter your credit card information and click “Place Order” your browser bypasses our server and connects directly and securely via 256-bit Bank Level Encryption to Authorize.net. Authorize.net processes the transaction and then gives us a unique “token” which allows us to capture the funds. Even if you choose the option to save your credit card information, all our server remembers is that token which would be useless to a fraudster even if it did get stolen. This also means that none of our employees (including myself) can gain access to your full credit card number.

Please note, just because the information never touches are server, doesn’t mean you’re completely protected by this alone. For example if your device’s browser is compromised, then your information is still vulnerable. Not to worry though, we’ve got you covered there too. You’ll learn more about this in our “Browser / Client Side Security” section.

3. Server Side Security

We host our websites with Pagely, a premier managed hosting provider touting an impressive client list including Disney, Visa and Garmin just to name a few. Since their founding in 2006 they have dedicated an incredible amount of time and money to develop PressARMOR™, their security suite which not only uses cutting edge security software but also includes how they train staff, perform outreach and research new threats.

Key Features:

  • Supplemental Web Application Firewall (WAF) – Includes custom rule sets developed by Pagely which supplements the network level firewall.
  • Real-time, file-system level malware scanning
  • Framework specific security enhancements
  • Dedicated hardware for each client
  • CHROOT user separation
  • 2-Factor Authentication

Click here to learn more about PressARMOR™

4. Browser / Client Side Security (WASP Protection)

Better known as Magecart, formjacking, XSS, and credit card skimming, client-side attacks mainly focus on data theft. They target vulnerable JavaScript that powers much of today’s modern web. Attacks are successful because today, only 1% of website owners deploy client-side security policies that safeguard JavaScript vulnerability.

We’re one of only a few websites in our industry that uses patented, standards-based technology from Tala to protect our users against data theft, web injection and other vulnerabilities. Why don’t more companies do it? Because it is incredibly expensive, I can’t say how much but I can say it is our single highest security cost by a long shot. We don’t just pay lip-service to the idea of protecting our customers, we put our money where our mouth is.

Key Features:

  • Web Application Information Modeling – Our website is scanned and monitored to develop a model of “acceptable behavior” and “expected assets”. This way the system can detect and block anomalous behavior. An example would be browser-based malware installed on a user’s computer trying to send data to a malicious third party.
  • Block Threats in Real Time – When we know which assets and files are supposed to be present, and how they’re supposed to behave, we can then block anything which doesn’t follow the rules. Rules are enforced with standards-based controls which are built-in to all browsers.

    In many cases, like the example of malware on a customers web browser, there isn’t actually any vulnerability on our website. The risk is actually on their own computer. Even so, our WASP system will still prevent their information from being transmitted to a malicious third party while they’re on our website.

But what if something does happen?

Yes, we have an impressive security stack. Some might call it overkill. Even so, as the saying goes “you don’t know what you don’t know”. So in the unlikely even that your information is compromised on our site, we’re proud to provide the Norton Shopping Guarantee.

The presence of the Norton Shopping Guarantee seal indicates that this merchant’s identity, reputation, experience, financial stability, and ability to honor their sales terms and conditions have been inspected and verified. The merchant is monitored daily to ensure they always deliver on their terms of sale, thus assuring you a safe online shopping experience.

Key Features:

  • $10,000 Identity Theft Protection – Provides up to $10,000 worth of specialist help & services in the event of identity theft for up to 30 days after your purchase.
  • $1,000 Purchase Guarantee – A 30 day guarantee of up to a $1,000 of the purchase price, that you will receive the products/services you ordered, in accordance with the terms of sale.
  • $100 Lowest Price Guarantee – If the store’s published price drops within 30 days of the purchase, you can make a claim for up to $100 of the difference.

How can I protect myself and my family?

  • Keep your devices and software updated.
  • Use a reputable malware / virus scanner on your devices.
  • Don’t reuse passwords, ESPECIALLY not your email password. If someone gains access to your email, they can likely get into anything else.
  • Protect your whole family with a DNS filter. We use DNSFilter.com.
  • Protect your debit card information with Privacy.com. This allows you to generate many different “dummy credit card numbers” which you can use on specific websites.