Security

This website uses a ‘session cookie’. Your computer is allocated a random ID number by our web server for the duration of your visit. Session cookies allow you to store your chosen items in your shopping basket, without losing them, and to make the checkout process faster by having your delivery details ready to use.

The session cookie is only active while you are connected to clogau.co.uk and is instantly removed from your computer when you close your browser window.

Your safety is our priority. To ensure that your details are fully protected when you order from us we utilise several secure payment technologies, such as:

  • 256-bit SSL encryption to ensure that your card and personal details are completely secure.
  • Extended Validation SSL Certificates to verify who we are and that we are legitimate.
  • Address Verification System (AVS) to verify the address of a person claiming to own a credit card.
  • Payment Card Industry Data Security Standard compliance (PCI DSS) to show that we comply with and maintain 12 highly robust online safety measures.

HTTPS is a secure version of the Hypertext Transfer Protocol (HTTP) and ensures secure e-commerce transactions, such as online orders.

When you connect to a website via HTTPS, the website uses its digital certificate to set up an encrypted session, which scrambles any information that is exchanged between your computer and the website. This keeps your information safe from hackers.

You will see an ‘s’ after the http and a ‘closed padlock’ symbol in Firefox and Internet Explorer/Edge next to the address bar. The address bar itself will also turn green.

When you use our website, our secure server encrypts any personal information you send us, including your credit or debit card number and name and address.

Encryption turns the information you enter into bits of code which are then securely transmitted to us over the Internet.

For that extra level of security, we use 256-bit encryption, rather than the usual 128-bit encryption that other websites use.

What's the difference? For the most part, 128-bit encryption is more than sufficient and complex enough to make it extremely unlikely that a potential hacker could access any information. However, as technology advances, it is expected that at some point the industry standard will have to shift to 256-bit encryption, but only in about 8-10 years' time.

So, while it is not essential to use 256-bit encryption yet, we feel it is best to stay one step ahead and give you that extra level of security.

We use Extended Validation SSL Certificates so that your browser can clearly identify our organisational identity.

You can verify this information for yourself by clicking on the padlock symbol in Internet Explorer or the green tab near the address bar if you are using Firefox or Chrome.

The vetting process for an Extended Validation SSL Certificate is more extensive than for any other type of security certificate.

It verifies our identity, the validity of any data requests and the overall legitimacy of our business.

The certificate is issued by Thawte, a global authority providing extended validation SSL certificates and online security trusted by millions around the world.

A Thawte SSL Web Server certificate offers comprehensive authentication procedures whereby the certificate owner's corporate identity is verified by Thawte.

The certificate not only assures private submission of information between the web server and the client's web browsers, but provides assurance of the certificate owner's corporate identity.

AVS is a MasterCard service that combats fraudulent activity for non-face-to-face transactions by cross-referencing the cardholder’s address information with the card issuer’s records.

The verification system will check the billing address of the credit card provided by the user against the address on file at the credit card company.

This process reduces the risk of fraud and increases payment gateway security.

PCI DSS is a binding collection of rules that promote robust IT security processes. Clogau Gold uses PCI DSS to reduce the risk of financial fraud by heightening the network security capabilities of whoever processes payment card information. The PCI DSS compliance requirements include:

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software on all systems commonly affected by malware
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security

It is impossible for us to guarantee the secure transmission of details through email. If you do not wish to order through our website, you can always phone us on 0345 606 88 77.

Please contact us by phone on 0345 606 88 77 and we can put you through to our IT department.