Passage Inc, the parent company of Passage and HauntPay, has been in the payment processing game for nearly a decade and knows security is of the utmost importance. Clients like Quicken Loans and the Cleveland Cavaliers don't let us get away with sub-par practices!
Regarding Passage: Our system leverages robust security practices, which we've used to process millions of transactions. The payment industry has a set of security best practices known as the Payment Card Industry Data Security Standards (PCI-DSS). We are fully certified PCI-DSS compliant, and along with our partner payments network, Stripe.com, reach PCI-DSS Level 1 compliance status every year. You can read more here.
To you give you a little view into our security practices, all transactions are fully encrypted via 128-bit SSL, using a 2048 bit RSA key. Additionally, no card information is EVER stored: the payment processing networks we run through only store an encrypted token to reference a card transaction, and those tokens can only be used by our servers. Even if a hacker broke in and stole those tokens, it would be worthless to them!