Last updated: July 2026

When you shop at Hobby Box, you can check out with complete confidence. Every step of our checkout process is protected by the same security technology used by banks and major financial institutions worldwide. This page explains exactly what we do to keep your information safe and your transaction secure.

SSL Encryption Across the Entire Site

Our website runs on SSL/TLS encryption from the moment you land on the homepage to the moment your order is confirmed. You will always see the padlock icon and https:// in your browser’s address bar. This means all data transmitted between your browser and our website — including your name, address, email, and payment information — is encrypted in transit. It cannot be read or intercepted by anyone between you and us.

Stripe: The Gold Standard in Payment Security

All payments at Hobby Box are processed by Stripe. Stripe is a PCI-DSS Level 1 certified payment processor — the highest level of security certification that exists in the payments industry, assessed annually by independent auditors. PCI-DSS Level 1 compliance means Stripe meets or exceeds every security standard set by the major card networks: Visa, Mastercard, American Express, and Discover.

When you enter your card number at checkout, you are typing it directly into Stripe’s secure hosted payment fields — not into a field controlled by our website. Your card data travels directly to Stripe’s servers in encrypted form. At no point does it pass through, or get stored on, our own servers. Hobby Box never sees your full card number. We never store it. We physically cannot access it.

What Hobby Box Receives

After a successful transaction, Stripe sends us a confirmation that includes: your name, email, and shipping address; the last four digits of the card used (for your reference on receipts); the card brand (Visa, Mastercard, etc.); and the transaction amount and order details. That is all. Your full card number, expiration date, and CVV remain exclusively within Stripe’s secure environment.

Tokenization

If you create an account and save a payment method for future purchases, your card details are stored by Stripe using tokenization. This means your actual card number is replaced by a unique token — a random string of characters that references your card in Stripe’s system but cannot be reverse-engineered into your real card number. Even in the event of a data breach on our side (which we work hard to prevent), no usable card data could be exposed because we do not hold it.

3D Secure Authentication

Depending on your card issuer’s settings, you may be prompted for an additional verification step during checkout — such as entering a one-time code sent to your phone or using your banking app to approve the transaction. This is 3D Secure, a protocol implemented by the card networks (Visa Secure, Mastercard Identity Check) and triggered by your bank to provide an extra layer of protection against unauthorized use of your card. It is not a sign of a problem — it is an additional security measure working exactly as intended.

Advanced Fraud Detection

Stripe’s fraud prevention system, Stripe Radar, analyzes hundreds of signals in real time for every transaction — including device fingerprinting, IP geolocation, behavioral patterns, and card network data — to identify and block fraudulent activity before it results in a charge. Orders flagged as potentially fraudulent may be held for manual review. If your order is held, we will contact you promptly. Legitimate orders are virtually never affected.

Apple Pay and Google Pay

When you pay with Apple Pay or Google Pay, your actual card number is never transmitted. Instead, these services use device-specific account numbers and transaction-specific dynamic security codes. Additionally, Apple Pay requires Face ID, Touch ID, or your device passcode before the payment is authorized, and Google Pay uses your device’s lock screen security. These methods are among the most secure payment options available.

Safe on All Devices

Our checkout is fully responsive and equally secure on desktop computers, laptops, tablets, and smartphones. The encryption, fraud detection, and tokenization described above apply regardless of what device you use to shop with us.

Unrecognized Charges

If you see a charge from Hobby Box that you do not recognize, please email us at hello@hobbyboxny.com before contacting your bank. Include the last four digits of the card, the approximate amount, and the date of the charge. We can usually identify and explain any transaction within minutes. Most unrecognized charges turn out to be a purchase made by a family member or an order placed under a different email address.

Contact

Security questions or concerns: hello@hobbyboxny.com | +1 (718) 241-2273 | 2600 Flatbush Ave, Brooklyn, NY 11234 | Open daily 10:00 AM – 6:00 PM.