Security Policy
About Trade Web Solutions
A limited company registered in the United Kingdom, Trade Web Solutions is an internet marketing consultancy with more than 12 years experience of providing eCommerce related services to clients from around the region.
About Our Role
We provide consultancy, design, development and hosting services. We develop secure eCommerce websites and we advise our clients how to operate them in accordance with industry standard “best practice” procedures.
About Our Software
We work with several “out of the box” eCommerce applications which are licensed from third parties and which we recommend based on the result on an independent security audit carried out in-house.
About Our Development Service
We handle all technical aspects of store configuration on behalf of our clients and implement testing and quality control procedures to ensure that their stores are configured securely.
About Our Network
We operate our own network where we provide clients with a high-specification hosting service designed specifically for eCommerce. The network operates from dedicated servers located in secure data-centre facilities in London and Manchester.
Our network is protected by a firewall and is further isolated from other networks using VLAN switching. We use anti-virus and intrusion detection software and closely monitor our server log files.
About Our Payment Processor Policy
We advise our clients to use a third-party payment service provider to handle transactions on their behalf. We support all of the major payment service providers and we implement Verified by Visa and Mastercard 3D Secure.
Where the client prefers to process payments on their PDQ terminal we require that they delete payment details once the payment has been processed, and we enforce this policy by automatically deleting payment details after 30 days.
About Our Data Encryption Policy
We are a Thawte Partner and we provide each client with a Thawte signed security certificate for use with their store. We require that SSL encryption be used on all pages which collect sensitive information.
Our software stores payment details in a strongly encrypted form within the store's database, and as a matter of policy we require that encryption be used whenever sensitive information is transmitted across the network.
We hold data on dedicated database servers located in physically secure data-centre facilities in London and Manchester. We require that data be stored on an encrypted file-system if it is to be transferred outside of the data-centre.
About Our Data Access Policy
We limit our staff's access to our client's data, and we provide each member of staff with a unique login so that we can monitor their activities and disable their access if required. We advise our clients to implement similar procedures.
We do not provide any third party supplier with access to our client's data, we take care to comply with UK data protection legislation, and we do not transfer data outside of the European Union.