Compliance
PrivateMeds is compliant with the Payment Card Industry Data Security Standards (PCI DSS),
which is the internationally recognised standard of best practice in processing and storing
payment card data. We are registered in compliance with the Data Protection Act, Registration
No. Z1472082.
Key Security Measures
In order to gain and maintain compliance with PCI DSS, PrivateMeds must adhere to stringent
policies and procedures that ensure the highest possible level of data and physical security.
Every month this security is tested by security experts approved by MasterCard and Visa, who
attempt to penetrate our defences with all known attacks and report the results of their
efforts back to us so we can continually upgrade our security. Over nearly 10 years of internet
trading, we have had no reports of any customer who purchased at PrivateMeds with a credit or
debit card subsequently suffering fraud committed with details illegally obtained via our
site.
The sections below describe some of the main elements of our security efforts:
- All PrivateMeds staff who have access to important data are criminal record checked,
and their access to and use of your data is continually monitored and auditable.
- Our IT systems are protected by firewalls, have the latest security updates, are
not directly accessible from the internet and are monitored constantly.
- All sensitive data (including payment card data and email addresses) is encrypted
to industry best practice standards when we store it. Certain data will never be stored,
such as the security strip number from the back of your payment card.
- All our web pages where you provide us with data use SSL (Secure Sockets Layer)
128-bit encryption to read and write data from our databases. The SSL certificate is
independently issued by GeoTrust and is your guarantee of security and authentication
of our company.
- Information sent within our company network systems is separately encrypted using
VPNs and additional message encryption.
- Our database servers are held in a purpose-designed and highly secure vault
location with access controlled by advanced code and fingerprint identification. There is
24-hour security and CCTV monitoring.