Hutt St Chicken & Seafood Security

Store Security Overview

This online store is more secure than most online stores on the internet because:

  • It uses a strong SSL certificate.
  • It uses a trusted third party (Stripe) to store credit cards.
  • It uses a secure datacentre for its server.
  • Many other security provisions.

More information appears below.

SSL Certificates

Websites that do not have SSL certificate security are insecure.

Websites that do have an SSL certificate have a basis of security for the connection between the visitor's computer and the website's server computer. The strength of the security depends on the quality of the certificate and how it is managed.

This store uses an SSL certificate that has a 2048-bit key and which is signed using the SHA-256 signature algorithm. You can confirm that the store uses a certificate by confirming that your web browser displays a padlock icon when you visit the store. You can confirm the strength of the certificate by clicking on the padlock icon.

Our SSL certificates are issued by Let's Encrypt, a certificate authority that is widely trusted and which has, as at 28 June 2017, issued over 100 million SSL SSL certificates.

For security reasons, Let's Encrypt certificates expire after three months, so our certificate will never be older than three months.

Credit Card Security

When you enter a credit card here, it passes momentarily through our server's CPU, but we do not store it. Instead, we send it off to our e-commerce gateway service Stripe which stores the card securely, and returns us a special Stripe token (password) that can be used to instruct Stripe to charge your card, but only to our merchant facility.

We store this special Stripe password along with your cardholder name, the first and last four digits of the card number (so you can see which card it is in listings), and the expiry date (so we can remind you if your card is about to expire before it actually does). Storing the first and last four digits of a credit card does not compromise security. (see this page).

If an intruder were to get access to our server and access all our information, they wouldn't get your card number. All they would get would be the ability to charge your card to us (transactions that will be soon reversed in a batch) and not to an arbitrary merchant (where reversal might be more problematic).

Presuming that you trust Stripe's security (a reasonable assumption seeing as it is the foundation of their business), it's actually more secure to store your credit card here rather than enter it each time you order, because if you store a card card here, it will only pass through our server once, but if you enter it each time you order, it will pass through our server many times. Our server is secure, but it is not as secure as Stripe's.

Note: If you delete a credit card, we delete our record of it (cardholder name, expiry date, and last four digits) and we also instruct Stripe to delete it.

User Account Password Security

When you create an account on this store, your account password is not stored in plaintext. Instead, it is thrown away and only a hash of the password is recorded. This means that if a cracker were to obtain a copy of our database, it would be difficult for them to sign in to any account (including yours).

Website Physical Server Security

This store is hosted on a cloud of virtual servers hosted on a Digital Ocean secure data centre.

Other Security Provisions

There are many other security provisions deployed in relation to this online store. The founders of the company that provided this store have over 60 years of computer security experience between them.

Continuous Improvement

Most importantly, the security of this online store platform is continuously being improved. We are constantly looking for the weakest point in the platform and are taking measures to strengthen it.