Security & payment protection
Plain explanation of how card data is handled, where it lives, and what we do — and do not do — to keep your top-up safe.
Two-host setup
The main marketing site (mobquickrefill.org) and the payment page (pay.mobquickrefill.org) run on two separate hosts. The main site never receives a card number; the only data passed between them is the mobile number, amount, currency and an order ID — all in plain URL parameters that you can inspect.
Encrypted connection
Both hosts serve every page over HTTPS (TLS 1.2 and above). Card data is transmitted to the payment gateway over the same encrypted channel. Mixed content is not allowed; all images, scripts and styles are loaded over HTTPS as well.
What card data we store
We do not store full card numbers. After a payment we keep:
- The order ID
- The masked card (first six and last four digits)
- The expiry month and year
- The card brand (Visa or Mastercard)
- The amount, currency and date
- The mobile number that received the credit
This is enough to issue refunds, answer disputes and reconcile our books.
Two things worth noting
- OTPs and card codes never come from us. If anyone calls or texts you claiming to be mobquickrefill and asks for a code — it is not us.
- Only the brands we actually accept are shown. The footer carries Visa and Mastercard logos because those are the cards we process. No other compliance badges are displayed on the site.
Disputes and chargebacks
If you do not recognise a charge from mobquickrefill on your statement, contact us first at support@mobquickrefill.org. We can usually resolve mis-typed numbers or duplicate charges within a business day. If the matter is not resolved, you retain the right to raise a chargeback with your card issuer.
Reporting a security issue
Found a vulnerability, broken form, or anything that looks wrong on the site? Write to support@mobquickrefill.org with the subject line Security report. Please do not publish the issue before we have had a chance to fix it.