Any information you provide will be used solely by us and will not be sold or given away to any third party. The information requested is necessary to successfully complete the transaction and shipment of goods and will not be used for any other purpose.
PayPal automatically encrypts your confidential information in transit from your computer to PayPal's using the Secure Sockets Layer protocol (SSL) with an encryption key length of 128-bits (the highest level commercially available). Before you even register or log in to PayPal's site, their server checks that you're using an approved browser - one that uses SSL 3.0 or higher.
Once your information reaches PayPal, it resides on a server that is heavily guarded both physically and electronically. Their servers sit behind an electronic firewall and are not directly connected to the Internet, so your private information is available only to authorised computers.
- credit/debit card details are secured within 128-bit encrypted sessions.
- sensitive information is stored on a heavily encrypted database that is protected by multiple government approved firewalls.
- additional security measures include a security key that is used to produce an MD5 hash value. Hash values are often used as digital signatures as they cannot be reversed to obtain the original information. They allow the receiver to validate that the information received is identical to that sent.
SagePay is designed so the vendor doesn't have to hold sensitive information on their site, should anyone gain unauthorised access to their database the information they obtain will not allow them to recover credit card details or other sensitive information.
The possibility of obtaining sensitive information from the SagePay database is minimised due to high levels of encryption; firewall security and the measures taken to ensure the information is indecipherable.