Passage Inc, the parent company of Passage and HauntPay, has been in the payment processing game for 4 years and knows security is of the utmost importance. Clients like Quicken Loans and the Cleveland Cavaliers don't let us get away with sub-par practices!
Regarding Passage: Our system leverages robust security practices, which we've used to process over 100,000 transactions so far. The payment industry has a set of security best practices known as the Payment Card Industry Data Security Standards (PCI-DSS). We're fully certified as PCI-DSS Level 2 compliant, and have regular vulnerability scans completed by Security Metrics, Inc. Attached below is an attestation certificate from Security Metrics.
To you give you a little view into our security practices, all transactions are fully encrypted via 128-bit SSL, using a 2432 bit RSA key. Additionally, no card information is EVER stored: the payment processing networks we run through only store an encrypted token to reference a card transaction, and those tokens can only be used by our servers. Even if a hacker broke in and stole those tokens, it would be worthless to them.