WorldPay Security Overview
Security is probably one of the most significant concerns for both shoppers and retailers during an online transaction. However, in reality, an online transaction is probably more secure than a card transaction in a shop or conducted over the telephone or by fax, as the information transmitted online is strongly encrypted using complicated logarithm combinations.
The WorldPay payment system uses a combination of both established and innovative techniques to ensure the security and integrity of all sensitive data. Furthermore, our public web servers are certified by Thawte, a public Certificate Authority, ensuring that both the shopper and retailer can have confidence that nobody can impersonate WorldPay to obtain confidential information.
Transaction Encryption
The transfer of the purchase details from the retailers site to Worldpay are encapsulated using our own encrypted and digitally-signed protocol. This uses a combination of standard methods such as PGP, RSA and MD5 to ensure that the information passed is secure and tamper-proof via SSL. See Purchase Token Security for details.
Security for the Shopper
Any communication between the shopper and WorldPay is also encrypted to the maximum strength supported by the shopper's browser using 128 Bit SSL. Shoppers are also protected from fraudulent use of their card in a "card not present" environment, by their card issuers. The card issuers provide the right for shopper to dispute a transaction if the goods/services did not arrive or if the card was used fraudulently.
Data Storage
Data storage on WorldPay systems, and the communication between WorldPay and the worldwide banking networks, is regularly audited by the banking authorities to ensure a secure transaction environment. We also ensure that we stay up-to-date with the latest versions of any third-party code we use, and continually review our own proprietary code.
Fraud Prevention
We check who the Shoppers are, to reduce fraud
WorldPay - and its Banking partners - support these anti-fraud measures for online transactions:
These anti-fraud measures enable us to reduce our exposure to fraud, by identifying shoppers who are genuine cardholders, before - and after - the shopper finishes paying for their order.
What fraud checking comes as standard?
We make standard checks on every transaction we process (in 'real-time' - so while the shopper waits for confirmation), by communicating with the card issuer, to see that:
- the card number is valid
- the card has not expired
- the card is not recorded as lost or stolen, and
- there are available funds in the account
We also make real-time checks on the card details entered by shoppers. As part of our standard service, WorldPay communicates with the card issuer to verify the following details as entered by shoppers:
| 
