Safety and Security
MCL Data Solutions takes your security very seriously.
Site Identity The site is secured using a GeoTrust Certificate which the site's authenticity and enables you, the customer, to verify at a glance that the site is secure and that any sensitive information you give us will not be intercepted by a third party. To check the certificate, scroll down to the bottom of any page and click the "Secured by GeoTrust" image on the right - the pop-up will give you details of the certificate's validity and the domain to which it is issued. This should read "mcldatasolutions.co.uk" and should match the domain shown in the address bar of your browser.
The "Log In" and "Checkout" pages use a secure connection to prevent any third party accessing your data - clicking on the little padlock icon in your browser's adress bar while on these pages will show that you are connected to the mcldatasolutions.co.uk server, that the site's identity has been verified and that the connection is encrypted.
Transaction security In addition to the security measures on our site, we use SagePay as our payment processor to further protect our customers from fraud. When you finalise your order, the MCL Data Solutions website passes your order details to SagePay, who take your payment details, authorise the transaction and pass the completed order back to us. Using this method means that we receive your payment without even having to see your credit card details ourselves - we leave that part to the experts.
All transaction information passed between us and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to us from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing we pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Once on SagePay’s systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract.
The data SagePay holds is extremely secure and they are regularly audited by the banks and banking authorities to ensure it remains so. Sage Pay’s systems are scanned quarterly by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands. SagePay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. They are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.