Protecting you: site security
On-line shopping means that you have to provide potentially vulnerable financial information to complete your purchase. Your first level of protection is that our web site does not store or even access your credit or debit card account number and security code. All we see is your email address, whether or not you have completed the relevant bank’s verification process, whether or not funds have been transferred by the relevant bank to our bank and, of course, what products you have ordered and what are your invoice and shipping addresses.
When you reach the Checkout stage of your transaction on our site, the process is taken over by a highly secure payment processing system in the USA where your data is protected both electronically and physically. At this point, your computer or device is communicating directly with the payment processor (we use a company called Stripe for this). Stripe has an excellent reputation and is known for its reliability and responsiveness to companies like ours when we incorporate electronic funds transfer in our e-commerce sites.
In the communication, via the web, between your device and the payment processor, your information is automatically encrypted with an encryption key length of 128-bits (the highest level commercially available).
Before the transaction begins Stripe’s server checks that you're using, on your device, an approved browser – one that uses SSL 3.0 or higher. Such browsers include current versions of Safari, Chrome, Firefox, Mozilla and Internet Explorer.
Stripe’s servers and those of the bank involved sit behind electronic firewalls and are not directly connected to the web.
Stripe then communicates with the relevant bank so that the transaction can be completed and verified.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level. This is the most stringent level of certification available in the payments industry.
PCI is a standard maintained by a security standards council founded by banks including: American Express, MasterCard, and Visa. Members of the council have agreed to incorporate the PCI Data Security Standard (PCI DSS) as part of the technical requirements for each of their data security compliance programs. The involvement of the world’s leading banks in PCI – and their liaison with law enforcement agencies – means fraud-related information is shared on a global scale. As a PCI audited payment processor, Stripe has access to and utilizes the constantly evolving state-of-the-art in fraud protection technology. Everything is aimed at stopping fraudulent transactions before they happen – and of course making sure your card transaction proceeds as rapidly and conveniently as possible.
If something does happen, of course, you are protected, subject to the terms and conditions of your credit / debit card provider.
At Boo9, we respect the privacy of all the information you provide to us. We never communicate that information to third-parties. We also have the aim of giving you the best possible shopping experience and the most convenient way of selecting and purchasing the products you want. Please also see our Refunds policy page where we explain how we aim to give you the protection and fairness you seek for buying on-line (which is better than the legally required standard in the UK)