Welcome to Sounds Live

Acoustic, Electric and Bass Guitars, specialists in Keyboards, MIDI, Hi-Tech Recording and PA

Sounds Live Help

Security and Privacy On Our Website

Sounds Live is fully compliant with the Payment Card Industry Data Security Standard (PCI-DSS) protocol and regularly reviews security to ensure that all the necessary measures are in place to protect both sensitive card holder and customer information.

How safe are Your Details if you Order with Sounds Live?

In a word, 'Very'! Note that the only information stored in the Sounds Live database relates to customer contact details, and that data is subject to a 256 bit Military Grade encryption process. To further tighten security and to offer maximum protection for sensitive cardholder information, your card details are not captured by our database. They are instead fed directly to a Payment Card Industry Data Security Standard (PCI-DSS) certified processing gateway, SecPay (www.secpay.com).

Merchants, or on-line retailers, may use one of two protocols to process card payments: Merchant Server Plug-in (MPI) or CPI. Under MPI, as on many websites, the merchant captures and stores your sensitive cardholder information in its own database. Under CPI, by contrast, all card details are handled by a secure payment processing house.

We use the more expensive and secure protocol, CPI, via a fully PCI-DSS certified payment processor, or gateway, SecPay. Therefore, as far as security goes, we provide the highest levels that are currently available within the Payment Card Industry.

With regard to shopping elsewhere, always check the retailer's security policies, if listed, and always ask if unsure!

Security Measures

  1. The Sounds Live site has a Thawte SSL Certificate (www.thawte.com) and all secure areas, e.g. the shopping cart, use Military Grade 256 bit encryption.
  2. Sounds Live uses a fully PCI-DSS (Payment Card Industry Data Security Standard) certified Payment Processor, SecPay under the CPI protocol.
  3. Sounds Live uses a third-party secure hosting company (Rack Space). Rack Space hosts our site and maintains our server and is one of the UK's top hosting companies (information available at www.rackspace.co.uk).
  4. All personal non-card data captured by our server is again subjected to 256 bit encryption.
  5. Sounds Live only uses a dedicated server and a dedicated MSQL, to address the risk presented by cross-contamination if using a shared server.
  6. Sounds Live continually reviews and updates security on its site via PCI-DSS compliance certificates.

Overview and Explanation of Terms, Buzz Words and Protocols

SSL is an abbreviation for Secure Sockets Layer. In short, SSL is a protocol that enables customers to transmit information securely to websites. When you place an order with us you will receive a message confirming that you are about to start viewing pages over a secure connection. This means that all information sent from your computer is encrypted using SSL, so there is no danger of your credit card or address being "stolen" by anyone else on the Internet.

There are two payment protocols that merchants, or retailers, may use when processing on-line (internet) or telephone orders: MPI (Merchant Server Plug-in) or CPI. If using MPI, merchants capture all the data required to process payment, including highly sensitive credit and debit card details. As a result, any customer using a website operating MPI has to rely completely upon the 'in-house' security of that merchant, who may not be PCI-DSS compliant. Note that non-compliant websites are vulnerable to hackers, and as a result your card data may be compromised.

However, if a merchant uses CPI, they only capture customer contact and order details; the card details are captured separately by a dedicated payment processing house. Although the security of a payment processing provider, or gateway, will generally be far higher than that of a merchant, the provider may not necessarily be PCI-DSS compliant and may fail to hold a PCI certificate. Therefore, it is always advisable when shopping on-line to check how your card details are being handled!

For reference, Sounds Live uses CPI via SecPay (www.secpay.com), a fully PCI-DSS compliant and certified gateway, to process payment for all internet and mail order/telephone sales. SecPay, in line with the PCI-DSS, is required to undergo official quarterly security audits and penetration testing to remain PCI-DSS certified.

Sounds Live does not use a shared server. We use a dedicated server and dedicated MSQL, which is operated within a highly secure environment and monitored by professionals (Rack Space). Contrast this approach with some companies who have their server tucked away in the corner of some room, or others who, as a cost-saving exercise, even use a shared server. Note that a company using a shared server shares it with several other companies, who all host on or rent space from the same server, hence the term. The risk of using a shared server is that if any of the organisations sharing it falls victim to a hack, the result may be the creation of a 'porthole', which hackers can use to access all the data held by all the other companies sharing the same server, i.e. cross-contamination.

To take the issue of security to the nth degree, Sounds Live even uses Hacker Safe to monitor security on a 24/7 basis. Hacker Safe essentially tries to hack into our site by using continual penetration testing. The aim of the process is to identify any potential weaknesses, or vulnerabilities, which if found can be instantly corrected. For reference, other companies that use Hacker Safe include Nike, Sony and Prudential.

Today, billions of pounds of business are transacted securely over the Internet and we, as the above text explains, have made every effort by complying with the industry standard PCI-DSS protocol to ensure your details are protected when ordering from us.