We take online security seriously. All of our online transactions go entirely through Sage Pay or PayPal.
Sage Pay's security
All transaction information passed between merchant sites, and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted, and any messages sent to our servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified.
Once on Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data they hold is extremely secure and they are regularly audited by the banks and banking authorities to ensure it remains so.
Sage Pay’s systems are scanned quarterly by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.
Sage pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. Sage Pay are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.
PayPal delivers one of the most secure payment platforms in the world. After more than a decade as the leader in online payments, we've learned a thing or two about keeping your information safe. Safeguarding your financial and personal information is one of our most important priorities. That's why we automatically encrypt all sensitive information sent between your computer and PayPal systems, ensuring your information is kept private. PayPal verify that your Internet browser is running Secure Sockets Layer 3.0 (SSL) or higher. Information is protected by SSL with an encryption key length of 168 bits (the highest level commercially available). We store your personal information and ensure it's heavily guarded, both physically and electronically. To further safeguard your debit and credit card numbers and your bank account details, we do not directly connect our firewall-protected servers to the internet.