Disable Secure Client-Initiated Renegotiation or sign up to Cloudflare for their TLS stack and DDOS mitigation as well since I would imagine competitors will start attacking you like they do all payment gateways.
Your address is an apartment building in London.. what physical security precautions have you taken from somebody breaking in and planting keylogging spy equipment to steal that gold mine of bank accounts, private bitcoin keys, and identity documents? I would be running this service out of a makeshift SCIF with access control and intrusion detection.
Hi moni3z,
Thanks for a productive feedback. We will look into the SSL problem, and will try to take all the necessary precautions. Regarding an office address — it's just a temp address and we are moving to a secured office space the next month. None of the sensitive information is kept on the premises, so it doesn't make sense to key logging.
Regards,