Payment Security Statement

SSL Encryption

Our website www.krilo.hr uses SSL (Secure Socket Layer) encryption to protect all data transmitted between your browser and our server. SSL technology ensures that all data, including personal data and payment information, is encrypted and protected from unauthorized access during transmission.

You can recognize the SSL certificate by the padlock icon in the browser's address bar and by the fact that the page address begins with "https://" instead of "http://".

Monri Payment Gateway

For processing online payments, we use Monri Payment Gateway (WebPay), one of the leading systems for secure card transaction processing. The Monri system is certified according to PCI DSS (Payment Card Industry Data Security Standard) Level 1, which is the highest level of security certification in the card payment industry.

PCI DSS Level 1 certification means that Monri meets the strictest security standards for processing, storing, and transmitting card data, including:

• maintaining a secure network and systems,
• protecting cardholder data,
• managing system vulnerabilities,
• implementing strong access control measures,
• regularly monitoring and testing networks,
• maintaining an information security policy.

Supported Payment Cards

We accept the following cards for online payment:

• MasterCard
• Maestro
• Visa
• American Express

The transaction is authorized in real time, and a confirmation of successful payment is sent to the email address provided during purchase.

Card Data Protection

The merchant (KAPETAN LUKA – KRILO) does not store credit or debit card numbers on its servers at any time. All card data is entered directly into the secure environment of the Monri Payment Gateway system.

When entering card data, confidential information is transmitted via an encrypted connection directly to the Monri authorization system. Our website does not have access to card numbers, CVV/CVC codes, or other sensitive card data.

VPN Protection

Communication between the Monri WebPay system and financial institutions (banks and card companies) takes place through a protected VPN (Virtual Private Network) channel. The VPN ensures that transaction data is transmitted through an encrypted tunnel, further reducing the risk of interception or unauthorized access to data.

This multi-layered security approach – SSL encryption at the website level, PCI DSS Level 1 certification of the payment system, and VPN protection between the payment system and financial institutions – ensures the highest level of protection for your financial data.

Additional Security Measures

In addition to the security measures described above, we also apply the following:

• 3D Secure authentication: for additional protection, transactions may be verified through the 3D Secure protocol (Mastercard SecureCode, Verified by Visa), which requires additional identity verification of the cardholder by the issuing bank.
• Suspicious transaction monitoring: the system automatically monitors and flags suspicious transactions to prevent fraud.
• Restricted access: only authorized employees have access to systems used for payment processing, and only to the extent necessary to perform their duties.

Last updated: 6 March 2024