HELP

Security Policy


At ShopTo.Net we consider your security to be of the highest priority and for this reason we took several measures to ensure your card details are not at risk. With the systems we have in place we consider ourselves to be the most secure gaming store on the Internet and you can shop safe in the knowledge your experience with us will be a protected one.

Repeat Transaction - We don't store your card details

Normally when you shop online you will store your card details with a retailer. The retailer will then for each order pass these details onto their payment gateway, which will in turn send the details to the bank to take payment. With our Repeat Transaction system we will only send your details to our payment gateway (SagePay) one time. For all other transactions thereafter we will simply send SagePay a request to repeat the initial transaction with the required total of your new order.

By doing this it means we do not need to store your card details on file and none of your details will need to be sent over repeatedly to our payment gateway. The only thing we'll pass over is the transaction reference number from your previous purchase, eliminating the possibility of any details falling into the wrong hands in the improbable event they could be intercepted between us and our payment gateway.

For your own personal reference we will store the last 4 digits of your card and your expiry date on your account so you are aware of which card you previously used and will be used for your next order.

FAQ:
I'm a new customer and wish to make a pre-order, how will you repeat my transaction if I've never made an initial payment?

When you first store your card details it will make a £1 test payment (which is refunded immediately) to verify your card details are correct. This is the transaction we will repeat to charge you for your pre-order.

I've got a new card, will you still be able to repeat my previous transactions?

Just like with new customers when you submit your new card details for the first time it will make a test transaction, this is the transaction we will repeat when taking your payment.

My card details are still on file, I thought you were no longer storing them?

We are phasing out the storage of all credit card details but those accounts with existing pre-orders on them will not have their details removed immediately.

Security Question

To change important account details such as your e-mail address and delivery address you need to answer a security question. This prevents details being changed against your will in the event someone you didn't authorise was to gain access to your account.

If for example you were to click the change delivery address button to have an item sent elsewhere, on this page you would have to confirm the answer to your security question to authorise the change. You would then also receive an e-mail confirming it.

The security question is set when registering a new account, for customers who registered before the security question was introduced you'll be prompted to set your security question when you attempt to change some of you account details. Before it’s confirmed you will receive an e-mail containing a link that you'll need to click to confirm the request to set the security question.

FAQ:
I've forgotten the answer to my security question; can you send it to me?

Your answer to the security question is encrypted in our database, so we cannot tell you what the answer is - Please contact us for assistance with getting it reset.

I've not received my e-mail to confirm the change, what do I do?

First of all be sure to check your junk e-mail folder in case it has ended up in there by accident. Failing that please make another request to change the details and a new e-mail will be sent.

I've no longer got access to my e-mail address on file so cannot receive the confirmation e-mail to change it! What can I do?

Please contact our customer service team who will be able to go through a security check with you to manually reset your e-mail address.

3D Authentication - Verified by Visa / Mastercard Securecode mastercard secure code visa secure code

For all high value orders we require a card that is signed up to Verified by Visa or Mastercard Securecode. This system is something you will need to sign up to with your bank directly.

The way this system works is you'll prompted for a password by your bank when checking your item out. You will choose the password when signing-up so it’s completely personal to you. This means if your card details were to fall into the wrong hands they would not be able to buy items from our store without knowing your personal password.

To sign up for this service please click either of the logos below or contact your bank for assistance.

FAQ:
My card does not support Verified by Visa or Mastercard Securecode, can I still purchase from you with this card?

While you will still be able to purchase low value items unfortunately you will not be able to purchase large value items with this card and will need to use another.


Sage Pay - Our Payment Gateway - sage pay

A payment gateway is the service that automates the payment transaction between the shopper and merchant, the company we use for this is Sage Pay.

Sage Pay collect card details via a 128-bit SSL secured payment page. They request card number, expiry dates, cardholder name and address and security code value. This information is then further encrypted to be held against the transaction details on their system before being sent to the UK acquiring banks for authorisation (over secure, offline channels). Sage Pay don't store the security code (in line with Visa requirements) but they do store the card number (only in an encrypted format that none of their staff have access to).

Sage Pay secure your card details within their database using AES-256, the keys for which are held on tamper-proof hardware security modules which are unavailable to Sage Pay staff.

Sage Pays systems have been approved and is regularly audited by Visa and Mastercard as one of the most secure sites in the UK. Their systems are independently audited by the UK acquiring banks and are compliant with the card schemes themselves (both Visa and Mastercard) under their Payment Card Industry Data Security Standard which ensures they meet very strict security guidelines.

If you have any questions or require further information on Sage Pay please visit their website: www.sagepay.com

PayPal paypal

In addition to credit card transactions through SagePay we also accept payment via PayPal.

PayPal is a secure online payment method which allows you to pay for your items quickly and easily. To make a payment with PayPal you will need a PayPal account and can sign up for this in advance or during your transaction with us.

Please note the address you select on PayPal will be used for your order even if you have previously entered a different delivery address on your ShopTo account.

PayPal can only be used for live orders with us and not pre-orders. 3D Authentication and Repeat Transaction also do not apply for PayPal transactions.

For more information on PayPal and to sign up for an account please visit the website: www.paypal.co.uk

VeriSign Secured – SSL Security verisign

At ShopTo we have a secure VeriSign SSL Certificate, you can verify our certificate by logging in and clicking the VeriSign Secured seal.
More than 90,000 Web sites in 145 countries display the VeriSign Secured Seal to show that their site is protected by a VeriSign® SSL Certificate. When you see the VeriSign Secured Seal and verify its authenticity, you can feel confident that your information is protected by VeriSign encryption technology.
The VeriSign Secured Seal means that a connection has been established to a domain secured by a VeriSign SSL Certificate. SSL enables an encrypted communication channel between your Web browser and the Web site server so that you can transfer sensitive information securely. When you send sensitive information, like a credit card number or password, encryption keeps it private.

When entering your card details, purchasing items or changing information through our secure server you can be safe in the knowledge you are submitting your data through us and nobody else by the illuminated ShopTo.net Limited (GB) text that appears in your web browsers address bar.

Please see the following link for more detailed information on SSL certificates and VeriSign: www.verisign.com


SecurityMetrics – PCI Compliant

SecurityMetrics tests merchant’s servers to determine if they comply with credit card companies' PCI Data Security Standards. We are tested quarterly to ensure that high security standards are maintained.
Further information can be found on the SecurityMetrics website.


McAfee Secure HACKER SAFE certified sites prevent over 99.9% of hacker crime.

McAfee SECURE service tests our website daily for vulnerabilities, dangerous content and links that expose consumers' computer and personal information to malicious use. McAfee SECURE service helps protect ourselves and consumers from hackers, adware, spyware, browser exploits, spammers, phishing attacks and online scams.
McAfee Secure web sites are certified as providing the highest level of protection for shoppers.
Further information can be found on the McAfee website.