Security

We use Securetrading processing services to facilitate all on line payments. Securetrading use the following processes to validate and authorise payment. The credit card information is securely encrypted by the script and communicated via the Internet to one of SECURETRADING's gateway servers, which links immediately to the appropriate bank to request authorisation. All transactions that pass credit card number validity checks are sent to the bank for authorisation.

At the same time, SECURETRADING's Fraud Control System runs a parallel check to investigate the likelihood of the transaction being fraudulent. This system is programmed to look for known patterns of suspicious activity or information, and returns a 'confidence level'. In the event of a low confidence level - even if the transaction is authorised by the bank - the merchant is left with the decision whether to further verify the identity of the customer before shipping any goods, helping to avoid any chargeback of the payment.

If the transaction is successfully authorised by the bank, this result is transmitted back to the merchant site, together with the transaction reference and the value of the confidence level. The authorisation process checks that the customer has sufficient funds to cover the transaction amount, and allocate the required amount for the transfer to the merchant.

All communication within the system are strongly encrypted using 2048-bit RSA encryption with variable 168-bit session keys (i.e. each transaction uses a new key). This is significantly (many billions of times) more secure than standard browser SSL security provided by, e.g. Internet Explorer. SECURETRADING encryption is also much more secure than that specified for the SET (Secure Electronic Transaction) protocol. The high level of encryption used is forecast as not being a requirement until the year 2015."

Access to all personal information is strictly limited to two individuals.
Data is stored under secure conditions in two locations.