Our Security Explained
At PharmaDoctor, we take the issue of online security very seriously. Below is information about some of the measures we take to ensure that your experience with us is as safe as possible. At the bottom of this page you will find some answers to questions that some of our patients have asked us.
We are registered in compliance with the Data Protection Act, Registration No. Z8959368.
We utilise a secure server encryption method to securely transfer all credit or debit card details and customer information. This is provided by GeoTrust. We have had no reports of any customers using a credit card to purchase at Pharma.MyonlineDoctor and subsequent acts of fraud being committed having used details illegally obtained via our site.
We use a secure server which encrypts your credit card information during transmission from the webpages to our database. A secure server webpage is different to a normal webpage. You will know you are on a secure webpage because the padlock (on explorer at the bottom and on navigator on the top toolbar) will be highlighted and closed. The web address will also change to indicate a secure server, so that it now starts with https://. When this happens you will know that any information you type into that page will be encrypted when it is sent out.
Encryption is used when you register or login to the website and when you are on the final purchase page. If, however, you visit Pharma.MyonlineDoctor from another website such as Freeserve, then a padlock will not be displayed in your Internet browser due to the Freeserve menu bar at the top of the screen. It is because of this bar the browser will not display a padlock, even though when you order the website uses https:// to send the details. If you came straight to pharma.myonlinedoctor.co.uk then this would show a padlock when an order was placed.
What level of encryption do we use?
We use 128bit SSL (secure socket layer) level encryption which is one of the most advanced encryption technologies available today. This is provided by Geotrust.
Any information sent over the internet is encrypted into an unbreakable code before it is sent. This ensures that no third party can intercept and decipher your personal information. It is certainly much safer than giving your credit card in a restaurant or mail order over the phone.
Do you keep my Credit Card details?
Your credit card details are transferred over a highly secure VPN (Virtual Private Network) to our authorisation server which is not directly connected to the Internet. You can save your card details for your next purchase, for your convenience. We will not save any card details on our system or server. Instead your card details will be stored securely by SagePay, our payment service provider. If you want to use a different card for subsequent orders just enter the card details when you come to pay.
What about Server and Firewall security?
Our database servers, where your personal details are stored, are not accessible from the internet and are monitored 24hrs. They are continually updated to have the latest versions of software ("patches") providing the highest levels of security and reliability available for those systems.
Pharmadoctor have invested in the highest standard firewalls available which are the same as used by many banks and telecom companies. These are dedicated hardware devices which deter and prevent hackers from reaching our systems. In the interests of security we do not provide details of these to third parties.
Q: What physical security do you have?
A: Our web and database servers are held in a totally secure purpose-built location with access only available to authorised and validated personnel using advanced code and fingerprint identification. There is 24 hour security and CCTV monitoring.
Q: I'd like some further reassurance.
A: Since 2012 we have complied with Mastercard and Visa's Payment Card Industry Data Security Standards (PCI DSS) for ensuring data security within the website and that we have policies and procedures in-place within our organisation. PCI DSS have very strict standards which every online seller must comply with.
If you have any further questions please feel free to email us.