Our Merchant Banker is Barclays Merchant Services in UK and the payment acquirers
are Secure Trading UK. They both follow strict security guidelines.
- Digital signatures are used throughout the system in order to ensure that transactions
arriving at a gateway are from an identifiable merchant, and that any information
passed back to the merchant is from a SECURETRADING gateway. Each signature uniquely
identifies its source. Gateways also communicate with each other and with the control
system using such digital signatures. In the event that a merchant's digital signature
becomes a security risk (e.g. if their server is stolen), the appropriate signature
will be immediately revoked and will no longer function within the system.
SECURETRADING is the official Certification Authority (root
CA) for these signatures.
- Encryption All communication within the system are strongly encrypted using
2048-bit RSA encryption with variable 168-bit session keys (i.e. each transaction
uses a new key). This is significantly (many billions of times) more secure than
standard browser SSL security provided by, e.g. Internet Explorer. SECURETRADING
encryption is also much more secure than that specified for the SET (Secure Electronic
Transaction) protocol. The high level of encryption used is forecast as not being
a requirement until the year 2015. The encryption is of course totally transparent
to the merchant and his/her customers.