Chocolate Information, Policies

Secure Online Payment

We provide secure online payment with two options:

  • PayPal Express – this is a new option allowing PayPal account holders to check out quickly and avoid filling out address details that are already held in a PayPal account. After selecting your payment method and shipping address with PayPal you will return to our site to review and change shipping options if desired, and add any order notes or gift messages. You need to press the Place Order button on our site to complete the order and send the final shipping-inclusive price back to PayPal. Note that you can pay through PayPal without being an account holder if you prefer PayPal to SagePay or want to open an account with PayPal. Note also that PayPal Express pre-authorises payment before the final shipping and tax destination is chosen at the checkout and the final amounts are sent to PayPal. Hence the amount initially shown in PayPal may differ from the final payment shown on the checkout page. The amount charged to PayPal will be the final checkout total when you click Place Order.
  • SagePay – you can pay by card through Sage Pay, the UK's largest independent payment processor, in conjunction with AIB.

Please note that we don’t process or store any card details on our website. We do gather personal information in order to ship your order, and this is done via encrypted checkout pages using a Comodo Positive SSL security certificate (you see the padlock sign in your browser).

We pay an external security company, Siteguarding, to carry out daily server-side deep scans on our website, with a security report sent to us each day. Our site is hosted on a server based in London. We have a firewall and other security measures in place, including automatic security updates.

    • Secure online payment via Sage Pay or PayPal.
    • We accept most major credit and debit cards.
    • We never get to see your credit card number.
    • Your credit card details are not stored on our servers; they are processed by Sage Pay or PayPal.
    • We cannot increase the amount you pay; we can only refund you.
    • If you have any concerns or questions regarding online payment, please call us on 01225 811125.

Update October 2015

SagePay have recently issued information on coming payment industry changes to security certificates. The information is reproduced below, but essentially, if you start to see security certificate errors when you transfer to SagePay from our website, or indeed from other online shops or payment providers, you may need to upgrade your web browser to a more modern version.

Security Update on Industry Changes

In order to keep you up to date with the latest industry changes, here are a few FAQs about the recent (SagePay) security update.

In the coming months all payment providers are required to upgrade their systems to only allow SHA-2 in order to increase their security and keep pace with industry standards. Sage Pay will be making these changes along with other providers.

What is a security certificate?

All secure websites using SSL or TLS connections – pages displaying https or padlocks – need to be issued with a valid SSL security certificate.  This allows an incoming browser or server to identify and validate the site’s certificate before passing any secure information over the connection.

Browsers usually indicate to the user (shopper or website) that the certificate has been validated successfully (and in this instance issued by DigiCert).

 

What is SHA?

SHA is otherwise known as “Secure Hash Algorithm” and is the method used during the validation of a website's security certificate. Up until now SHA-1 has been the accepted method of doing this. Developed back in 1995, SHA-1 has been the preferred method of validation. This is also the method that is used by our current security certificate. Now, due to the major web browsers withdrawing support for SHA-1, it is being phased out.

SHA-256, or SHA-2 as it is known, is the newer, more secure version of the algorithm and the preferred method for all security certificates. Over the coming months all browsers will phase out SHA-1 and replace this with SHA-2 (SHA-256). To address this issue, Sage Pay (along with the majority of other payment gateways and online banking web sites) are updating web certificates for all payment pages and forms.

 

What do I need to do?

Most new versions of the browsers are both SHA-1 and SHA-2 compatible, so there isn’t any action that is needed if you have an up-to-date browser. If a customer or website is using an older version of their browser, they will need to upgrade to a newer version to avoid any problems.

What will I see?

Browsers that are not upgraded to SHA-2 run the risk of generating and displaying a security certificate error.

If you do not see these errors, your browser will be in line with the SHA-2 requirement.
