Our Security Standards
- How can I tell if a web page is properly secured?
- What security checks are done for online payments?
- What is a card verification number?
- What is Verified by Visa and MasterCard SecureCode?
- How does it work?
- What do I need to do to register?
- What if I am already registered?
- What if I choose not to register when prompted?
- Where can I find more information about safety online?
- Are your payment systems PCI compliant?
- Security statement
- Useful external links
Your transaction takes place within a secure payment system. We use Secure Socket Layer (SSL) technology, a standard supported by most major Internet browsers. All of your personal and card details are protected using 128 bit encryption, when transmitted over the Internet.
This is indicated on Haringey's online payment page in two ways:
- by the yellow padlock symbol which indicates that the company has been independently checked.
- by the web address prefix 'https', instead of the usual 'http'.
If you double-click on the padlock, details of Haringey Council’s secure payments certificate can be viewed. The certificate was issued to Haringey Council by Thawte, and their details and information on the SSL scheme can be viewed at their website (please see the external links section below).
Additional security checks are now required on all card payments. This is to reduce any possible fraudulent use of cards for online transactions. These checks mean you may be asked to provide additional information to confirm your payment.
This is sometimes referred to as a CVC or CV2 number, but is a mandatory requirement and is the three digit security code on the signature strip on the back of the card.
Verified by Visa and MasterCard SecureCode provide stronger identification for online payments, enhancing security for card transactions over the Internet. Both are based on 3D Secure protocol, a technical standard developed by Visa and MasterCard.
You only need to register with Verified by Visa or MasterCard SecureCode once to create your password for credit/debit card. Then whenever you make a payment online using your card you will be asked to enter a password as additional validation before the payment is confirmed.
The details you enter in this process will be submitted to your card issuer over a secure link and at no time is this information held/viewed on any Haringey system.
To register for Verified by Visa or MasterCard SecureCode you need to use the links in the external links section below.
If you have already registered for either Verified by Visa or MasterCard SecureCode you need to enter your personal Visa or MasterCard password as instructed.
If during the payment process you are prompted to activate 3D secure and choose the option 'No Thanks' your payment will be declined. This is a payment card industry standard feature and is not operated or controlled by Haringey or our online payment system.
It is therefore recommended that if you do experience this issue whilst attempting to make a payment you do the following:
- Pre-Register your card via the card providers website or via the links to Verified by VISA or Mastercard SecureCode – Haringey would advise all customers, where possible, to sign up to 3D secure because of the additional security this offers whilst using any online payment system
- Activate the 3D Secure feature during your payment process – this will take you to an external screen operated by your card provider – see above statement
- Refer the issue to your card provider if you are not interested in the additional security features of 3D Secure as they might be able to remove the activation page that appears
If you require further information on 3D secure for both Visa and Mastercard, advice on making payments online or fraud initiatives please see the external links section below.
There are a number of useful websites that provide information and advice on Internet payment security. A list of websites can be found in the external links section below.
Haringey's payment systems are provided by Civica UK Ltd who achieved PCI DSS compliance in August 2008 in accordance with Payment Card Industry Data Security Standard (PCI DSS) Level 1 for their payment solutions. Civica also achieved Payment Application Data Security Standard (PA DSS) compliance in 2009 and was one of the first software suppliers to gain this accreditation.
Information about this payment card security standard can be found at the PCI Security Standards website (external link)
All data handled by Haringey Council must comply with the Data Protection Act 1998.
- Principle 7 of the Act states - "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data".
Haringey Council takes its duty to protect personal information belonging to the public which it serves very seriously; therefore the levels of security used to take your payment are amongst the most stringent on the Web.
All of the information entered into the form is encrypted before it is transmitted between your computer and ours.
Your credit or debit card details are also stored in an encrypted format to prevent any unauthorised access.
Haringey Council’s IT section were the second Local Authority to achieve BS7799 certification for security.
We will only use your card details for the payment you authorise. We will not disclose your card details to any third parties other than the bank which processes them for payment.
There is less risk of fraud to a customer making a credit or debit card payment on a properly secured web page, than any other method of credit or debit card payment.