We implement enterprise-grade security protocols to protect your financial transactions and customer data at all times.
As a payment gateway aggregator processing financial data for businesses in Bangladesh, security is the foundation of our technology stack. We implement a defense-in-depth framework, ensuring transaction data, system configurations, and account credentials are protected by multiple layers of modern encryption and security boundaries.
All communication between client browsers, merchant servers, the BDGate API endpoints, and our background MFS Relay apps is encrypted in transit using industry-standard TLS (Transport Layer Security) protocols. This prevents any possibility of man-in-the-middle (MITM) attacks or data interception over public internet channels.
User passwords stored in the BDGate database are hashed using the bcrypt cryptographic algorithm with a high work factor salt, ensuring credentials cannot be compromised via SQL indexing or data leaks. We do not store raw passwords anywhere on our servers.
To reduce compliance complexity for local merchants, BDGate does not collect, process, or store raw credit or debit card numbers on its physical servers. All card payment checkouts are securely delegated directly to Stripe and PayPal's PCI-DSS compliant payment gateways, protecting you from card theft liabilities.