WebSite Security

Sounds Live is the only UK supplier of Musical Instruments operating a Payment Card Industry Data Security Standard (PCI-DSS) Level One Compliant web store. We regularly review security to ensure that all the necessary measures are in place to protect both sensitive cardholder and customer information.
How safe are your details if you order with Sounds Live?
Security does not come any higher than PCI-DSS Level One compliance. We even apply and adhere to the same protocols that govern companies the size of Amazon.
As a further security measure, Sounds Live uses a PCI-DSS Level One Certified processing gateway, SecPay (www.secpay.com), for the processing of all on-line credit and debit card transactions. The only information stored in a database on our server relates to customer contact details, and that data is subject to a 256 bit Military Grade encryption process.
With regard to shopping elsewhere, always check the retailer's security policies, if listed, and always ask if unsure!
Security Measures
1. The Sounds Live site has a Thawte SSL Certificate (www.thawte.com) and all secure areas, e.g. the shopping cart, use Military Grade 256 bit encryption.
2. Sounds Live uses a fully PCI-DSS (Payment Card Industry Data Security Standard) certified Payment Processor, SecPay under the CPI protocol.
3. Sounds Live uses a third-party secure hosting company (Rackspace). Rackspace hosts our site and maintains our server and is one of the UK's top hosting companies (information available at www.rackspace.co.uk).
4. All personal non-card data captured by our server is again subjected to 256 bit encryption.
5. Sounds Live only uses a dedicated server and a dedicated MSQL, to address the risk presented by cross-contamination if using a shared server.
6. Sounds Live continually reviews and updates security on its site via PCI-DSS compliance certificates.
Overview and Explanation of Terms, Buzz Words and Protocols
SSL is an abbreviation for Secure Sockets Layer. In short, SSL is a protocol that enables customers to transmit information securely to websites. When you place an order with us you will receive a message confirming that you are about to start viewing pages over a secure connection. This means that all information sent from your computer is encrypted using SSL, so there is no danger of your credit card or address being ‘stolen’ by anyone else on the Internet.
There are two payment protocols that merchants, or retailers, may use when processing on-line (internet) or telephone orders: MPI (Merchant server Plug-in) or CPI. If using MPI, merchants capture all the data required to process payment, including highly sensitive credit and debit card details. As a result, any customer using a web site operating MPI has to rely completely upon the ‘in-house’ security of that merchant, who may not be PCI-DSS compliant. Note that non-compliant websites are vulnerable to hackers and, as a result, your card data may be compromised.
However, if a merchant uses CPI, they only capture customer contact and order details; the card details are captured separately by a dedicated payment processing house. Although the security of a payment processing provider, or gateway, will generally be far higher than that of a merchant, they may not necessarily be PCI-DSS compliant and may not hold a PCI certificate. Therefore, it is always advisable when shopping on-line to check how your card details are being handled!
For reference, Sounds Live uses CPI via SecPay (www.secpay.com), a fully PCI-DSS compliant and certified gateway to process payment for all internet and mail order/telephone sales. SecPay, in line with the PCI-DSS, are required to undergo official quarterly security audits and penetration testing to remain PCI-DSS certified.
Sounds Live does not use a shared server; we use a dedicated server and dedicated MSQL, which is operated within a highly secure environment and monitored by professionals (Rackspace). Contrast this approach with some companies who have their server tucked away in the corner of some room, or others who, as a cost-saving exercise, even use a shared server. Note that if a company uses a shared server they will be sharing the same server with several other companies, who all host or rent space from the same server, hence the term. However, the risk of using a shared server is that if any of the organizations sharing the same server fall victim to a hack, the result may lead to the creation of a ‘porthole’, which hackers can use to access all the data held by all the other companies sharing the same server, i.e. cross-contamination.
Today, billions of pounds of business are transacted securely over the internet and we, as the above text explains, have made every effort by complying with the industry standard PCI-DSS protocol to ensure your details are protected when ordering from us.