Payment Security

SECURE ORDERING ONLINE USING OPAYO (formerly SagePay) SECURE SERVER

When your payment card is used to make purchases over the Internet through our shopping basket, the information is encrypted using 128 bit encryption. This technology ensures that your information is protected from outside parties when transmitted from your computer to our computer.

All Payments are processed using Opayo Secure Server. We accept the major credit and debit cards including Visa, Mastercard, Maestro and American Express.


Opayo Secure Buying

Credit card information for orders placed on our site is handled by the Opayo secure server. Opayo are an industry leader in secure transactions and provide transaction security for thousands of UK businesses.

Industry leading transaction security

Transactions from our site are passed to the Opayo Payment System encrypted using 128-bit SSL certificates with an MD5 hash signature to prevent tampering. No cardholder information – name address or order details – are passed unencrypted. Nothing passed to Opayo can be examined, used or modified by third parties even by those working for ISPs.

Highly secure encrypted storage

Opayo hold data using 256-bit encryption to internationally recognised standards used by government. Encryption keys are held in tamper-proof systems like those used to secure VeriSign’s Global Root certificate.

Opayo has private secure links to the banking network. Cardholder information sent to the banks and authorisation messages returned are secure and cannot be tampered with.

Access to Data

When you place an order on our system your name, address and order total go into our system, are encrypted and passed to Opayo. Then a URL takes you to Opayo and the actual payment goes direct into their highly secure system. A further URL brings you back to our site.

No one in our company has access to credit card information passed to Opayo. Opayo senior management can access information in extenuating circumstances such as Police or Credit Card Fraud investigations. Systems within Opayo do not normally display a complete credit card number or any information that would let your details be examined.

Data transmitted by Opayo and held by them is regularly audited by both banks and banking authorities to ensure continued security.

Best practice

Credit card data passed across the Internet in this way should be considerably more secure than information passed as voice across phone lines. People on extensions or maintenance engineers could listen in and people might make written records.

We have another reason for preferring electronic orders – it is rather more efficient. We get your typed name, address and product code – not what we think we heard.

However if you still prefer to pay over the phone, we will be happy to process your payment that way.

PCI DSS Compliance

We are certified as PCI DSS Compliant by SecurityMetrics, an accredited QSA.

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard introduced by Visa, MasterCard, Amex and other Credit Card processors to provide improved security for card scheme data.

  1. Install and maintain a firewall to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open public networks.
  5. Use and regularly update anti-virus software or programs.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a uniqe ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security for employees and contractors.

Each question has more detailed considerations which develop as fraudsters find new ways to penetrate systems. More information is available from the PCI Security Standards Council website.