SECURITY POLICY
COOKIES
When adding items to your shopping basket (and, for account customers, when personalising your site), the information is stored in a cookie. This is saved as a text file on your computer ('yourname@www_NBG_co.txt' in Internet Explorer, or the www.foursys.co.uk line in 'cookies.txt' in Netscape) that can only contain text information. This is not an executable file, and so cannot contain a virus or any harmful files.
For account customers, using the 'Auto Login' feature stores your password in this cookie. This feature should not be used (or should be turned off after use) if you think access to your computer is not secure.
SECURE SOCKETS LAYER
For account and credit card customers we require you to use this site with Secure Sockets Layer. This encrypts all information sent between our server and your computer, ensuring that your account information (and card details) is not viewable by anyone else. You may get a warning message telling you that you are entering a secure zone, and be given the option of viewing the security certificate for this site. This certificate has been provided by VeriSign, the biggest verification company on the web - details of their Digital ID System can be seen below.
Once you are in the secure site, you will have a locked yellow padlock (or complete key) to show you that you are viewing a secure web site. Double clicking on this padlock will show you our certificate information.
THE DIGITAL ID SYSTEM
WHAT IS A DIGITAL ID?
A digital certificate, also known as a Digital ID, is the electronic equivalent to a passport or business license. It is a credential, issued by a trusted authority, that individuals or organizations can present electronically to prove their identity or their right to access information. When a Certification Authority (CA) such as VeriSign issues Digital IDs, it verifies that the owner is not claiming a false identity. Just as when a government issues a passport it is officially vouching for the identity of the holder, when a CA gives your business a digital certificate it is putting its name behind your right to use your company name and Web address.
HOW DO DIGITAL IDS WORK?
The solution to problems of identification, authentication, and privacy in computer-based systems lies in the field of cryptography. Because of the non-physical nature of electronic communication, traditional methods of physically marking transactions with a seal or signature are useless. Rather, some mark must be coded into the information itself in order to identify the source and provide privacy against eavesdroppers.
One widely-used tool for privacy protection is what cryptographers call a "secret key." Log-on passwords and cash card PINs are examples of secret keys. Consumers share these secret keys only with the parties they want to communicate with, such as an on-line subscription service or a bank. Private information is then encrypted with this secret key, and it can only be decrypted by one of the parties holding that same key.
Despite its widespread use, this secret-key system has some serious limitations. As network communications proliferate, it becomes very cumbersome for users to create and remember different passwords for each situation. Moreover, the sharing of a secret key involves inherent risks. In the process of transmitting a password, it can fall into the wrong hands. Or one of the sharing parties might use it maliciously and then deny all action.
Digital ID technology addresses these issues because it does not rely on the sharing of secret keys. Rather than using the same key to both encrypt and decrypt data, a Digital ID uses a matched pair of keys which are unique complements to one another. In other words, what is done by one key can only be undone by the other key in the pair.
In this type of key-pair system, your "private key" gets installed on your server and can only be accessed by you. Your "public key" gets widely distributed as part of a Digital ID. Customers or correspondents who want to communicate with you privately can use the public key in your Digital ID to encrypt information, and you are then the only one who can decrypt that information. Since the public key alone does not provide access to communications, you do not need to worry about who gets hold of this key.
Your Digital ID tells customers and correspondents that your public key in fact belongs to you. Your ID contains your name and identifying information, your public key, and VeriSign's own digital signature as certification.
HOW DO SECURE SERVER IDS WORK?
VeriSign Secure Server Digital IDs allow any server to implement the Secure Sockets Layer (SSL) protocol, which is the standard technology for secure Web-based communications. SSL capability is built into server hardware, but it requires a Digital ID in order to be functional.
With the latest SSL and a Secure Server Digital ID, your Web site will support the following functions:
- Mutual Authentication. The identity of both the Web server and the customer can be verified so that all parties know exactly who is on the other end of the transaction.
- Message Privacy. All traffic between the Web server and the customer is encrypted using a unique "session key." Each session key is only used with one customer during one connection, and that key is itself encrypted with the server's public key. These layers of privacy protection guarantee that information cannot be intercepted or viewed by unauthorized parties.
- Message Integrity. The contents of all communications between the Web server and the customer are protected from being altered en route. All those involved in the transaction know that what they're seeing is exactly what was sent out from the other side.
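The key-pair and session-key ideas described above can be seen end to end in the following sketch, which is an added example and not code from this site or from VeriSign. It is a teaching model, not the SSL handshake: the key pair is constructed from two small known primes, textbook RSA without padding stands in for the public-key step, a hash-based keystream stands in for the session cipher, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Constructed toy key pair (assumption: two known Mersenne primes, far too
# small for real use). N and E are what a Digital ID would publish.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private key, never leaves the server

def derive(session_key, label):
    # Separate sub-keys for privacy and integrity from one session key.
    return hashlib.sha256(label + session_key).digest()

def keystream_xor(key, data):
    # Stand-in session cipher: XOR with SHA-256(key || offset) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def client_send(message):
    session_key = secrets.token_bytes(16)   # fresh for this connection only
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)  # public key
    body = keystream_xor(derive(session_key, b"enc"), message)
    tag = hmac.new(derive(session_key, b"mac"), body, hashlib.sha256).digest()
    return wrapped, body, tag

def server_receive(wrapped, body, tag):
    key_int = pow(wrapped, D, N)            # only the private key undoes this
    if key_int >> 128:
        raise ValueError("wrapped session key is malformed")
    session_key = key_int.to_bytes(16, "big")
    expected = hmac.new(derive(session_key, b"mac"), body,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message altered in transit")
    return keystream_xor(derive(session_key, b"enc"), body)

if __name__ == "__main__":
    wrapped, body, tag = client_send(b"card=constructed-sample")
    print(server_receive(wrapped, body, tag))
```
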