|
| Security Information |
 |
|
 |
To provide security for your online purchases on our web site, we have chosen the secure online payment ensured by SecPay. The secure payment system technology SSL (Secure Sockets Layer) allows you to process, through an SSL-compliant browser such as Internet Explorer or Netscape Navigator, an end-to-end encrypted purchase transaction without fear of an intermediary obtaining your credit card information.
When you are asked to provide your credit/debit card details you should see on the bottom of your browser an unbroken key or locked padlock indicating you are in a secure transaction mode. You are then communicating with a secure server that has direct access into the UK banking gateways, which allows instant authorisation of credit/debit cards. This system allows the hosting of a secure form on secure servers.
The credit card information is securely encrypted and communicated via the Internet to one of SecPay's gateway servers, which links immediately to the appropriate bank to request authorisation. All transactions that pass credit card number validity checks are sent to the bank for authorisation.
Digital signatures are used throughout the system in order to ensure that transactions arriving at a gateway are from our web site, and that any information passed back to us is from a SecPay gateway. Each signature uniquely identifies its source. Gateways also communicate with each other and with the control system using such digital signatures. In the event that a digital signature becomes a security risk (e.g. if their server is stolen), the appropriate signature will be immediately revoked and will no longer function within the system.
All communication within the system are strongly encrypted using 2048-bit RSA encryption with variable 168-bit session keys (i.e. each transaction uses a new key). This is significantly (many billions of times) more secure than standard browser SSL security provided by, e.g. Internet Explorer. SecPay encryption is also much more secure than that specified for the SET (Secure Electronic Transaction) protocol. The high level of encryption used is forecast as not being a requirement until the year 2015.
The encryption is of course totally transparent to our customers.
All credit and debit cards carry a security code number. This number is known to the bank and printed on the card, but it is not stored or printed anywhere else. So, it can be used to check that the person using the card to make a purchase is in physical posession of the card, or has at least seen the card at some time.
|
|
|
|
|
| |
