security statement - Optimal Payments

The following information is provided by our third-party credit card processing organization, Optimal Payments. Internet processing of credit cards has proven to be much more secure than presentation of your credit card to a retail establishment.

How SSL Encryption Works

Our Company uses the industry standard security protocol Secure Sockets Layer (SSL) to encode sensitive information like your credit card number that passes between you and the Company. SSL works by creating a temporary, shared "key" (sort of a digital code book) that lets only the computers on either end of a transmission scramble and unscramble information. To anyone between the sender and the receiver, including all the servers that may relay the message, the SSL transmission is indecipherable gibberish.

Our Company feels SSL makes ordering online just as secure as using your credit cards anywhere else. In fact, after millions of online transactions worth billions of dollars, none of our clients has ever reported misappropriation of a credit card number protected by SSL technology.

Exchanging "Hellos"

When your browser lands on a secure Web page, the server hosting the secure site sends a "hello request" to the browser. The browser replies with a "client hello" (in networked environments, individual PCs are often called "clients"). The server responds with a "server hello." This exchange allows your browser and the Web server to determine the encryption and compression standards they both support. They also exchange a "session ID," a unique identifier for that specific interaction. Once they have greeted each other, the browser asks for the server's "digital certificate." It's the online commerce version of saying "Can I see some ID, please?"

A Digital Certificate

Online companies get digital certificates from a Certificate Authority, like RSA Data Security Inc. or VeriSign Inc. A Certificate Authority verifies a company's identification and then issues a unique certificate as proof of identity.

Sharing the Key

After your browser and our server have shaken hands and your browser has checked our digital certificate, your browser uses information in our digital certificate to encrypt a message back to us that only our server can understand. Using that information, the browser and the server create a "master key." This master key is like a codebook that both sides can use to encode and decode transmissions. Only your browser and our server share that master key and it's good only for that session. Using the unique, shared key, your browser and our server can exchange sensitive information, like your credit card number, in a way third parties can't understand.

When you surf off a secure site, the master keys you once held in common become useless, since they are good for one session only. When you go back to the secure site again, your computer and the server will go through the whole process again and create another master key.
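
The key-sharing step described above can be sketched in code. This is an added example, not code from Optimal Payments: it assumes the TLS 1.2 master-secret derivation (RFC 5246, the successor to SSL), and random bytes stand in for the secret the browser encrypts to the server's certificate.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5, built on HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master key: PRF(pre_master, "master secret", randoms)."""
    seed = b"master secret" + client_random + server_random
    return p_sha256(pre_master, seed, 48)


def new_session():
    """Simulate one handshake and return (browser_key, server_key).

    Assumption: the encrypted transport of pre_master is not modelled;
    both sides are simply given the same constructed value.
    """
    client_random = os.urandom(32)  # carried in the "client hello"
    server_random = os.urandom(32)  # carried in the "server hello"
    # Chosen by the browser and sent encrypted with the key in the
    # server's digital certificate, so only the server can recover it.
    pre_master = b"\x03\x03" + os.urandom(46)
    browser_key = master_secret(pre_master, client_random, server_random)
    server_key = master_secret(pre_master, client_random, server_random)
    return browser_key, server_key


if __name__ == "__main__":
    first_browser, first_server = new_session()
    second_browser, _ = new_session()
    print("both ends agree:      ", first_browser == first_server)
    print("new session, new key: ", first_browser != second_browser)
```

Because the random values from both hellos feed the derivation, a later visit produces a different master key even if every other input were repeated.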

Is It Safe?

SSL makes your online purchases extremely safe. The way to break SSL encryption is by brute force: intercepting the encrypted message containing your credit card number, recording it, and then using a computer to try every possible combination until the master key is cracked. To combat even that approach, most keys range from 40 to 1,024 digits long (each digit is either a 1 or a 0). As the number of digits in the key gets longer, the number of possible combinations grows into the trillions. Therefore, the longer the key, the more secure it is.