ONLINE SECURITY

The Snug Beauty & Wellbeing salon takes your security seriously, our site uses the same technology and security measures utilised by many of the major "high-street" brands.

When browsing our store your browser will go into 'secure mode' as soon as you access the 'checkout' pages and before you enter any personal or payment details including credit card information. You can check you're shopping in a secure environment by looking for a locked padlock or a key icon in the grey bar at the bottom of your browser or in the address bar.

Being in secure mode means all your details are encrypted to help keep them safe. Encryption creates billions of code combinations to protect each transaction made on our website. That means your card details can't be viewed by anyone else using the INTERNET. If you have one of the more recent browser versions, our website supports 128-bit encryption. This keeps your details as safe as possible at all times.

We only accept orders that are placed with Secure Socket Layer (SSL). This technology prevents you from accidentally revealing personal information using an insecure connection. During payment, we also ask for your card billing address as an additional security check. Other security checks, such as the card signature code, also protect your credit card details Online. We use your card details to process your orders and we'll ask for them for every order placed.

It is important to know that The Snug does not any point receive full and open credit card detail numbers! this is handled via our payment gateway provider Stripe who has an additional layer of security. All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe's infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn't share any credentials with Stripe's primary services (API, website, etc.).

Our Online store is PCI Compliant using secure technology using secure services via Shopify inc and payment gateway provider stripe.

What is PCI DSS Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit card and debit card information. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card data to reduce credit card fraud via its exposure. If you want to sell Online and accept payments from Visa, MasterCard, American Express or Discover credit cards, your software and hosting needs to be PCI compliant.

For more information visit http://www.pcicomplianceguide.org

November 21, 2013