Security Policy

Our Commitment To Data Security:
As part of our commitment to the security of your online shopping data at www.jattrix.com, we have put the following measures in place, which are reviewed and maintained regularly:

Privacy in Transit and Merchant Server Verification
This site is secured by strong 128-bit (or better) SSL encryption when processing sensitive data, such as during checkout when you enter your addresses and payment method information, or during registration and login when you additionally enter your userid and password. These data are encrypted, scrambled and privately protected in transit, from you to our trusted processor. What does this mean?

According to government and industry security experts around the world today, because of the strong encryption, if an unauthorized person maliciously "sniffed" or "eavesdropped" on this communication they would harvest nothing but garbage and, with the best computer money can buy, it would take them many, many years to successfully decode the data; long after the data are of no use and your credit card has expired.

So watch for the key or padlock symbol on the status bar for proof of SSL encryption and pay with confidence using your credit card for your purchases on this site, www.jattrix.com. You may double-click on the symbol to review details of the SSL certificate, for example, that the subject is really the merchant server identified as www.jattrix.com.

Privacy at Rest (Encryption)
Your order details, including userID and password, are also scrambled and encrypted with a strong key cipher safely inside the information processing system. So even if someone were to physically steal the storage system from our service data center (www.1and1.com), they would still not be able to access your personal info because of the iron-clad encryption. With today's computers, the attacker would require hundreds of years to crack the key combination!

Access Control - Web
The only access for customers is through the web via the well-known HTTP service ports 80 (non-encrypted) and 443 (encrypted). All other non-essential service ports are blocked by a powerful front-end firewall. In addition, all customer interactions requiring transmission of sensitive info across the internet to and from our trusted processing partners are automatically switched over to the encrypted channel (port 443), and this is done transparently without any extra effort required of the customer.

Access Control - non-Web
As indicated, a powerful firewall serves as a sentry to block all access to the store's server except what is explicitly permitted. Management access to the store's server is permitted only via SSH. As a customer who is really concerned with online security, you'll be happy to know that even this SSH access is only allowed to approved management staff at their registered computer locations.

Your Responsibility:
As we both know, security is enhanced when everyone contributes. Security is only as strong as the weakest link in the chain of custody of your sensitive data. We have implemented steps to protect your data. To complement our efforts, we expect that you will participate as listed below, but certainly this is not an exhaustive list.
  • Is your system clean? While we have invested to set up an encrypted communication channel for your sensitive info, it is possible that your home computer (or work computer for that matter) is already infected with a class of malware called "key loggers", such that your entries are being harvested as you input them, keystroke by keystroke. By the time you click submit for our channel to apply encryption, the entire information is already saved for immediate or future retrieval by the malware's owner. For this reason, we suggest that it is prudent to sweep/clean your system periodically with reliable anti-virus and anti-malware products for improved security.
  • Internet shopping is now a fact of life and most people now shop online at several stores yearly. Accordingly, customers' sensitive information is being stored in multiple places (each store usually has its own database). Although these sites will store the information securely, it is still not a good thing to have one's sensitive data in several places because the situation invites "multiple points of failure". Additionally, you face the problem of creating, tracking and remembering multiple userid/passwords (you shouldn't use the same userid/password across multiple stores - see tip below). Wouldn't it be great if the data could be entered once and saved in one, and only one, place, and payments for purchases from any store could then be made securely from this single source? Then if there is a breach it'll be easier to narrow down the problem to one's own doing or to the single source. Such a solution already exists. The popular ones are Google Checkout™ and PayPal™.
    Disclaimer: neither Google nor PayPal is paying us for this tip. However, the concept offered by either service is just so inherently aligned with enhanced internet shopping security that we decided to put it out here as one of the recommendations a customer can consider.
  • Protect your userID and password. Do not write down your password, do not share it with others.
  • On this site---or on any authentication system for that matter---do not select and use a trivial password such as 123456 or 112233.
  • Do not use a pet's name or birthday as your password.
  • Do select an easy-to-remember but difficult-to-guess password or passphrase. (You can think of a passphrase as a password you created, for example, using the first letter of the words in a sentence that only you can remember; even better if you combine the resulting passphrase with one or two numeric digits interspersed.)
  • Regardless of where you access our store from (a browser at home, an internet cafe, or a public/airport kiosk), always remember to log out and close your browser after your session ends to ensure that others cannot access your private personal information. Even better, delete Cookies, Cache or Temporary Internet Files (i.e., clean up) before you close your browser. Use the online help feature of your favorite browser to find out how to perform this cleanup.
  • If you order by phone, do not leave your credit card or other sensitive info on voice mail. Do not send your credit card info via email. You've probably heard that, once sent, an email can never be totally deleted. As a result, you don't want your credit card or other sensitive information floating and flowing on the internet.
  • You may have heard of single sign-on (SSO), or centralized sign-on (CSO), as a cure for the problem(s) associated with owning and maintaining several userID/password combos. It is in fact a worthwhile solution that easily achieves its promised return on investment when the same organization (with its partners) owns all the assets being protected with the SSO or CSO scheme. As an individual user, DO NOT implement this concept as a treatment for your own situation; that is, do not use the same userID/password combination that you use to access your bank for this store, your Yahoo email, your Facebook account, etc. Make sure each account has separate and protected login credentials. If you like the idea and convenience of having a single userid/password with your payment information in one place for use with any and all shopping on the internet, then consider getting a Google Checkout or PayPal account (see tip above for more details).
  • Do not click on links sent to you via emails. Go to the site directly by entering the address of the organization as you know it in the browser yourself. For example, if the organization you do business with is acmezzab corporation and you know their website is located at www.acmezzab.com, then open up a browser and enter http://www.acmezzab.com into the address field yourself. If you must click on the link, first verify the address by hovering the mouse on it (without clicking); or you can right-click it and select properties. If the properties match your expectation, then and only then should you click the link. If you're not sure, DON'T click it. Ignore it or call the owner organization to inquire about the details in the email.
  • From time to time our website may contain links to other sites. Please be aware that we are not responsible for the privacy and security practices of such other sites. We encourage you to read the privacy statements of each and every website that collects personally identifiable information. Our store's Policy as described herein applies solely to how we handle your information.