Security Policy
At ShopTo.Net we consider your security to be of the highest priority and for this reason we took several measures to ensure your card details are not at risk. With the systems we have in place we consider ourselves to be the most secure gaming store on the Internet and you can shop safe in the knowledge your experience with us will be a protected one.
Repeat Transaction - We don't store your card details
Normally when you shop online you will store your card details with a retailer. The retailer will then for each order pass these details onto their payment gateway, which will in turn send the details to the bank to take payment. With our Repeat Transaction system we will only send your details to our payment gateway (SagePay) one time. For all other transactions thereafter we will simply send SagePay a request to repeat the initial transaction with the required total of your new order.
By doing this it means we do not need to store your card details on file and none of your details will need to be sent over repeatedly to our payment gateway. The only thing we'll pass over is the transaction reference number from your previous purchase, eliminating the possibility of any details falling into the wrong hands in the improbable event they could be intercepted between us and our payment gateway.
For your own personal reference we will store the last 4 digits of your card and your expiry date on your account so you are aware of which card you previously used and will be used for your next order.
FAQ:
Security Question
To change important account details such as your e-mail address and delivery address you need to answer a security question. This prevents details being changed against your will in the event someone you didn't authorise was to gain access to your account.
If for example you were to click the change delivery address button to have an item sent elsewhere, on this page you would have to confirm the answer to your security question to authorise the change. You would then also receive an e-mail confirming it.
The security question is set when registering a new account, for customers who registered before the security question was introduced you'll be prompted to set your security question when you attempt to change some of you account details. Before it’s confirmed you will receive an e-mail containing a link that you'll need to click to confirm the request to set the security question.
FAQ:
3D Authentication - Verified by Visa / Mastercard Securecode
For all high value orders we require a card that is signed up to Verified by Visa or Mastercard Securecode. This system is something you will need to sign up to with your bank directly.
The way this system works is you'll prompted for a password by your bank when checking your item out. You will choose the password when signing-up so it’s completely personal to you. This means if your card details were to fall into the wrong hands they would not be able to buy items from our store without knowing your personal password.
To sign up for this service please click either of the logos below or contact your bank for assistance.
The way this system works is you'll prompted for a password by your bank when checking your item out. You will choose the password when signing-up so it’s completely personal to you. This means if your card details were to fall into the wrong hands they would not be able to buy items from our store without knowing your personal password.
To sign up for this service please click either of the logos below or contact your bank for assistance.
FAQ:
Braintree – Our payment gateway
A payment gateway is a service that automates the payment transaction between the shopper and merchant, the company we use for this is Braintree.
Braintree collects card details via a 128-bit SSL secured payment page. They will request card number, expiry dates, cardholder name and address and security code value. This information is then further encrypted to be held against the transaction details on their system before being sent to the UK acquiring banks for authorisation (over secure, offline channels). Braintree doesn't store the security code (in line with Visa requirements) but they do store the card number (only in an encrypted format that none of their staff has access to).
Braintree secures your card details within their database using AES-256, the keys for which are held on tamper-proof hardware security modules which are unavailable to Braintree staff.
Braintree systems have been approved and are regularly audited by Visa and Mastercard as one of the most secure sites in the UK. Their systems are independently audited by the UK acquiring banks and are compliant with the card schemes themselves (both Visa and Mastercard) under their Payment Card Industry Data Security Standard which ensures they meet very strict security guidelines. If you have any questions or require further information on Braintree please visit their website: https://www.braintreepayments.com/gb.
Braintree collects card details via a 128-bit SSL secured payment page. They will request card number, expiry dates, cardholder name and address and security code value. This information is then further encrypted to be held against the transaction details on their system before being sent to the UK acquiring banks for authorisation (over secure, offline channels). Braintree doesn't store the security code (in line with Visa requirements) but they do store the card number (only in an encrypted format that none of their staff has access to).
Braintree secures your card details within their database using AES-256, the keys for which are held on tamper-proof hardware security modules which are unavailable to Braintree staff.
Braintree systems have been approved and are regularly audited by Visa and Mastercard as one of the most secure sites in the UK. Their systems are independently audited by the UK acquiring banks and are compliant with the card schemes themselves (both Visa and Mastercard) under their Payment Card Industry Data Security Standard which ensures they meet very strict security guidelines. If you have any questions or require further information on Braintree please visit their website: https://www.braintreepayments.com/gb.
Paypal
In addition to credit card transactions through SagePay we also accept payment via PayPal.
PayPal is a secure online payment method which allows you to pay for your items quickly and easily. To make a payment with PayPal you will need a PayPal account and can sign up for this in advance or during your transaction with us.
Please note the address you select on PayPal will be used for your order even if you have previously entered a different delivery address on your ShopTo account.
PayPal can only be used for live orders with us and not pre-orders. 3D Authentication and Repeat Transaction also do not apply for PayPal transactions.
For more information on PayPal and to sign up for an account please visit the website: www.paypal.co.uk
PayPal is a secure online payment method which allows you to pay for your items quickly and easily. To make a payment with PayPal you will need a PayPal account and can sign up for this in advance or during your transaction with us.
Please note the address you select on PayPal will be used for your order even if you have previously entered a different delivery address on your ShopTo account.
PayPal can only be used for live orders with us and not pre-orders. 3D Authentication and Repeat Transaction also do not apply for PayPal transactions.
For more information on PayPal and to sign up for an account please visit the website: www.paypal.co.uk
Verisign secured – SSL Security
At ShopTo we have a secure VeriSign SSL Certificate, you can verify our certificate by logging in and clicking the VeriSign Secured seal.
More than 90,000 Web sites in 145 countries display the VeriSign Secured Seal to show that their site is protected by a VeriSign® SSL Certificate. When you see the VeriSign Secured Seal and verify its authenticity, you can feel confident that your information is protected by VeriSign encryption technology.
The VeriSign Secured Seal means that a connection has been established to a domain secured by a VeriSign SSL Certificate. SSL enables an encrypted communication channel between your Web browser and the Web site server so that you can transfer sensitive information securely. When you send sensitive information, like a credit card number or password, encryption keeps it private.
When entering your card details, purchasing items or changing information through our secure server you can be safe in the knowledge you are submitting your data through us and nobody else by the illuminated ShopTo.net Limited (GB) text that appears in your web browsers address bar.
Please see the following link for more detailed information on SSL certificates and VeriSign: www.verisign.com
More than 90,000 Web sites in 145 countries display the VeriSign Secured Seal to show that their site is protected by a VeriSign® SSL Certificate. When you see the VeriSign Secured Seal and verify its authenticity, you can feel confident that your information is protected by VeriSign encryption technology.
The VeriSign Secured Seal means that a connection has been established to a domain secured by a VeriSign SSL Certificate. SSL enables an encrypted communication channel between your Web browser and the Web site server so that you can transfer sensitive information securely. When you send sensitive information, like a credit card number or password, encryption keeps it private.
When entering your card details, purchasing items or changing information through our secure server you can be safe in the knowledge you are submitting your data through us and nobody else by the illuminated ShopTo.net Limited (GB) text that appears in your web browsers address bar.
Please see the following link for more detailed information on SSL certificates and VeriSign: www.verisign.com
SecurityMetrics – PCI compliant
SecurityMetrics tests merchant’s servers to determine if they comply with credit card companies' PCI Data Security Standards. We are tested quarterly to ensure that high security standards are maintained. Further information can be found on the SecurityMetrics website: www.securitymetrics.com
McAfee Secure
McAfee SECURE service tests our website daily for vulnerabilities, dangerous content and links that expose consumers' computer and personal information to malicious use. McAfee SECURE service helps protect ourselves and consumers from hackers, adware, spyware, browser exploits, spammers, phishing attacks and online scams.
McAfee Secure web sites are certified as providing the highest level of protection for shoppers. Further information can be found on the McAfee website: www.mcafeesecure.com
McAfee Secure web sites are certified as providing the highest level of protection for shoppers. Further information can be found on the McAfee website: www.mcafeesecure.com