Your Security - Q&A
Q: I'm worried about sending my credit card details over the Internet. Should I be? Can I phone my credit card details instead of using the Web?
A: Maximuscle have taken many precautions to keep your credit card details safe. All credit card information that is transmitted from your computer to the Maximuscle server is encrypted using the Secure Sockets Layer (SSL) protocol.
We use a secure server with state-of-the-art encryption and Secure Sockets Layer server technology. There has never been a case in which any of our consumers lost money as a result of fraudulent card use resulting from a breach of our security as data was transmitted over the Internet. It is widely joked in the e-commerce industry that you have more chance of becoming a victim of credit card fraud by handing your card to a waiter in a restaurant than by sending it over the Internet using SSL. If you do not have a secure browser, or you still feel that you would prefer not to send your credit card details even with a secure browser, you are welcome to order by phone from 8am-5pm on Monday-Friday (01442 418500).
Q: Will you sell my email address to other people who will send me junk mail?
A: No, we won't. In fact, we won't sell your email address to any other organisation. Since customers value their privacy, our business depends on protecting it.
Secure connections on the Maximuscle store are verified and authenticated using our secure server certificate, issued to us by BT Trustwise/Verisign. You can also check the validity of our certificate by double-clicking on the glowing padlock that appears in the bottom left or bottom right corner of your browser. Alternatively, please examine the security settings of your browser.
Our server certificate uses strong 512-bit encryption, which means that when it's possible (i.e. your browser is capable), the server will encrypt its communications using this higher level of encryption. If the browser isn't capable of communicating at 512 bits, the server will switch down to 128-bit or 40-bit encryption. The possibility of someone being able to intercept and decrypt the secure communication between browser and server is very slim indeed.
An SSL connection is initiated by the client (normally a Web browser) by requesting a document to be sent through the HTTPS protocol as opposed to the standard HTTP protocol. This is done by simply prefixing the URL with "https" as opposed to "http". For example: http://server.domain.com/index.html requests that the document index.html be sent through the standard HTTP protocol, whilst https://server.domain.com/index.html requests that the same document be sent using the HTTPS protocol, which incorporates SSL.
Here in detail are the steps taken during an SSL (Secure Sockets Layer) transaction:
• The client sends a request for a document to be transmitted using the HTTPS protocol by prefixing the URL with "https".
• The server sends its certificate to the client.
• The client checks if the certificate was issued by a Certificate Authority (CA) it trusts. If not, it gives the user the option to continue or to terminate the transaction.
• The client compares the information in the certificate with the information it just received concerning the site: its domain name and its public key. If the information matches, the client accepts the site as authenticated.
• The client tells the server what ciphers, or encryption algorithms, it can communicate with.
• The server chooses the strongest common cipher and informs the client.
• The client generates a private (or session) key using the agreed cipher.
• The client then encrypts the session key using the server's public key and sends it to the server.
• The server receives the encrypted session key and decrypts it with its private key.
• The client and the server then use the session key for the rest of the transaction.
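The steps above as a small offline simulation (an added example, not Maximuscle's own code). The cipher names, the "Example CA" issuer and the toy RSA key built from two Mersenne primes are constructed for illustration; unpadded RSA at this size is not suitable for real use, and this sketch rejects an untrusted certificate rather than prompting the user.

```python
import secrets

# Constructed cipher table: name -> key length in bits (sizes as quoted on the page).
CIPHERS = {"EXPORT-40": 40, "STRONG-128": 128}

# Toy RSA key pair from two known Mersenne primes (assumption: illustration only).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the server

def make_certificate(domain, issuer):
    """Server side: the certificate binds a domain name to a public key."""
    return {"subject": domain, "issuer": issuer, "public_key": (N, E)}

def client_verify(cert, requested_host, trusted_cas):
    """Trust check and name check: issuer must be trusted, name must match."""
    return cert["issuer"] in trusted_cas and cert["subject"] == requested_host

def server_choose_cipher(client_offer, server_supported):
    """Cipher negotiation: pick the strongest cipher both sides support."""
    common = [c for c in client_offer if c in server_supported]
    if not common:
        raise ValueError("no common cipher")
    return max(common, key=CIPHERS.get)

def client_key_exchange(cipher, public_key):
    """Client makes a random session key and encrypts it to the server's public key."""
    n, e = public_key
    session_key = secrets.token_bytes(CIPHERS[cipher] // 8)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)

def server_recover_key(cipher, encrypted_key):
    """Server decrypts the session key with its private exponent."""
    return pow(encrypted_key, D, N).to_bytes(CIPHERS[cipher] // 8, "big")

def handshake(host, client_offer, trusted_cas):
    """Run the whole exchange; returns (cipher, client's key, server's key)."""
    cert = make_certificate("server.domain.com", "Example CA")
    if not client_verify(cert, host, trusted_cas):
        raise ValueError("certificate rejected")
    cipher = server_choose_cipher(client_offer, CIPHERS)
    client_key, on_the_wire = client_key_exchange(cipher, cert["public_key"])
    return cipher, client_key, server_recover_key(cipher, on_the_wire)

if __name__ == "__main__":
    print(handshake("server.domain.com", ["EXPORT-40", "STRONG-128"], {"Example CA"}))
```

Offering only `EXPORT-40` makes the same handshake settle on a 5-byte session key, which is the "switch down" behaviour described earlier on the page.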