Our CTO, Eddie Lim, recently gave a tech talk to the Stanford ACM club about security. BTW, if you have the opportunity, you should definitely come speak at one of their sessions — we were really impressed by the depth of the questions that the students were asking, especially on a topic that isn’t necessarily something you might deal with every day!
For context, TrialPay works on driving traffic to advertisers by giving users something that they already want for free. Our platform currently gets over 100 million views per day, and in the last 6 years, over 200 million people have gone through TrialPay to get free stuff. Security is a huge deal for us for a few reasons:
- Some subset of our users is always trying to game the system and get free stuff. Just google “hacking trialpay”, and you’ll see what we mean.
- We have a new product we’re working on that aims to connect the online and offline worlds, and part of the implementation involves storing credit card numbers. Take a look at this demo to get an idea of what the product is; basically users get instant rewards online for offline actions, and with our help, brick and mortar businesses can draw causal links between their online advertising campaigns and offline sales. With our help, companies will finally be able to answer burning questions like, “Did that old-timey looking product photo we posted last week actually get people in our store?” Social media experts beware.
In our talk we focused on 2 main topics: securing user authentication (specifically, two-factor for both VPN and SSHD) and the architecture surrounding our credit card vault. You can find the video of Eddie’s talk below, as well as slides that you can use to follow along! If you want more info about two-factor authentication or want to see some code samples, please see our previous posts about VPN and SSHD.