Security
Our Merchant Banker is Securetrading.com and they follow strict security guidelines.
Digital Signatures
Digital signatures are used throughout the system to ensure that transactions arriving at a gateway are from an identifiable merchant, and that any information passed back to the merchant is from a SECURETRADING gateway. Each signature uniquely identifies its source. Gateways also communicate with each other and with the control system using such digital signatures. In the event that a merchant's digital signature becomes a security risk (e.g. if their server is stolen), the appropriate signature will be immediately revoked and will no longer function within the system. SECURETRADING is the official Certification Authority (root CA) for these signatures.
Encryption
All communications within the system are strongly encrypted using 2048-bit RSA encryption with variable 168-bit session keys (i.e. each transaction uses a new key). This is significantly (many billions of times) more secure than standard browser SSL security provided by, e.g., Internet Explorer. SECURETRADING encryption is also much more secure than that specified for the SET (Secure Electronic Transaction) protocol. The high level of encryption used is forecast as not being a requirement until the year 2015. The encryption is of course totally transparent to the merchant and his/her customers.