Is the Sage Pay system secure?
Sage Pay collect card details via a 128-bit SSL secured payment page. We request the card number, expiry dates, cardholder name and address, and security code value. This information is then further encrypted to be held against the transaction details on our system before being sent to the UK acquiring banks for authorisation (over secure, offline channels). We don’t store the security code (in line with Visa requirements), but we do store the card number (only in an encrypted format that none of our staff have access to). Sage Pay secure your card details within our database using AES-256, the keys for which are held on tamper-proof hardware security modules which, as stated, are unavailable to Sage Pay staff.

When your details are supplied to us over SSLv3, the algorithm used is RC4, as it is for almost every major e-commerce site. SSL generates the encryption keys it uses for RC4 by hashing (using both MD5 and SHA1), so that different sessions have unrelated keys. Also, SSL does not re-key
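The claim above about hashed session keys can be followed in code. This is an added example, not Sage Pay's code: it implements the SSLv3 key derivation from RFC 6101 for an RC4-128/MD5 cipher suite and shows that two sessions sharing one master secret (as in session resumption) still get different RC4 keys. The pre-master secret and the random values are constructed sample inputs, and the function names are chosen for this example.

```python
import hashlib

def ssl3_expand(secret: bytes, seed: bytes, length: int) -> bytes:
    """SSLv3 expansion: MD5(secret + SHA1(label + secret + seed)) per round,
    with labels 'A', 'BB', 'CCC', ... (RFC 6101, sections 6.1 and 6.2.2)."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # The master secret is always 48 bytes; the seed is client random then server random.
    return ssl3_expand(pre_master, client_random + server_random, 48)

def rc4_session_keys(master: bytes, client_random: bytes, server_random: bytes,
                     mac_len: int = 16, key_len: int = 16) -> dict:
    """Split the key block into MAC secrets and RC4 write keys.
    Defaults fit RC4-128 with MD5; use mac_len=20 for the SHA-1 suite.
    The key block seed is server random then client random (reverse of above)."""
    block = ssl3_expand(master, server_random + client_random, 2 * mac_len + 2 * key_len)
    names = ("client_mac", "server_mac", "client_key", "server_key")
    sizes = (mac_len, mac_len, key_len, key_len)
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample inputs (not captured traffic).
PRE_MASTER = b"\x03\x00" + bytes(range(46))       # 48 bytes: version 3.0 + 46 bytes
CLIENT_RANDOM_1, SERVER_RANDOM_1 = b"\x11" * 32, b"\x22" * 32
CLIENT_RANDOM_2, SERVER_RANDOM_2 = b"\x33" * 32, b"\x44" * 32

MASTER = master_secret(PRE_MASTER, CLIENT_RANDOM_1, SERVER_RANDOM_1)
# Two sessions reusing the same master secret with fresh random values.
SESSION_1 = rc4_session_keys(MASTER, CLIENT_RANDOM_1, SERVER_RANDOM_1)
SESSION_2 = rc4_session_keys(MASTER, CLIENT_RANDOM_2, SERVER_RANDOM_2)

if __name__ == "__main__":
    for name in SESSION_1:
        print(name, SESSION_1[name].hex(), SESSION_2[name].hex())
```

RFC 7465 and RFC 7568 have since prohibited RC4 cipher suites and SSLv3, so this derivation is mainly useful for reading the statement above and for recognising legacy configurations.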