Payment Security

SECURE ORDERING ONLINE USING SAGEPAY SECURE SERVER

When your credit card is used to make purchases over the Internet through our shopping basket, the information is encrypted using 128-bit encryption. This technology ensures that your information is protected from outside parties when transmitted from your computer to our computer.

All payments are processed using SagePay Secure Server. We accept the major credit and debit cards including Visa, Mastercard, Maestro and American Express.


SagePay Secure Buying

Credit card information for orders placed on our site is handled by the SagePay secure server. SagePay are an industry leader in secure transactions and provide transaction security for thousands of UK businesses.

Industry leading transaction security

Transactions from our site are passed to the SagePay Payment System encrypted using 128-bit SSL certificates with an MD5 hash signature to prevent tampering. No cardholder information – name, address or order details – is passed unencrypted. Nothing passed to SagePay can be examined, used or modified by third parties, even by those working for ISPs.

Highly secure encrypted storage

SagePay hold data using 256-bit encryption, to internationally recognised standards used by government. Encryption keys are held in tamper-proof systems like those used to secure VeriSign’s Global Root certificate.

SagePay has private secure links to the banking network. Cardholder information sent to the banks and authorisation messages returned are secure and cannot be tampered with.

Access to Data

When you place an order on our system your name, address and order total go into our system, are encrypted and passed to SagePay. Then a URL takes you to SagePay and the actual payment goes direct into their highly secure system. A further URL brings you back to our site.

No one in our company has access to credit card information passed to SagePay. SagePay senior management can access information in extenuating circumstances such as Police or Credit Card Fraud investigations. Systems within SagePay do not normally display a complete credit card number or any information that would let your details be examined.

Data transmitted by SagePay and held by them is regularly audited by both banks and banking authorities to ensure continued security.

Best practice

Credit card data passed across the Internet in this way should be considerably more secure than information passed as voice across phone lines. People on extensions or maintenance engineers could listen in and people might make written records.

We have another reason for preferring electronic orders – it is rather more efficient. We get your typed name, address and product code – not what we think we heard.

However, if you still prefer to pay over the phone, we will be happy to process your payment that way.

PCI DSS Compliance

We are certified as PCI DSS Compliant by SecurityMetrics, an accredited QSA.

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard introduced by Visa, MasterCard, Amex and other Credit Card processors to provide improved security for card scheme data.

  1. Install and maintain a firewall to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open public networks.
  5. Use and regularly update anti-virus software or programs.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security for employees and contractors.

Each question has more detailed considerations which develop as fraudsters find new ways to penetrate systems. More information is available from the PCI Security Standards Council website.