OUR SECURITY AND HOW WE KEEP YOUR INFORMATION SAFE
We diligently work to maintain our online security to the highest possible standards. Controls that we use across our online infrastructure include:
* Robust and multi-layered security of servers and applications.
* Multiple layers of internal and external firewalls which protect our online environments.
* Regular reviews of our security practices and technology updates.
* Regular reviews to ensure our security and privacy policies and standards reflect our industry-leading position.
* Use of Secure Socket Layer (SSL) 128-bit encryption to protect the information you send or receive from our secure sites.
* Use of encrypted password log-ons to Shoppersmist secure websites to help safeguard against unauthorized access to your accounts.
* Automatic session terminations when extended inactivity is detected. This helps to protect your accounts if you are called away from your computer.
We use several layers of proven security technologies and processes to provide you with secure online access to your accounts and information. These are continuously evaluated and updated by our experts to ensure that we protect you and your information. These include:
* Secure Socket Layer (SSL) Encryption
* Computer Anti-Virus Protection
* Data Integrity
* Ensuring Your Online Safety
Secure Socket Layer (SSL) Encryption
When you successfully log in to any of the Shoppersmist websites using an authentic user ID and password, our web servers will establish a secure socket layer (SSL) connection with your computer. This allows you to communicate with us privately and prevents other computers from seeing anything that you are transacting, so you can conduct online business with us safely. SSL provides 128-bit encrypted security so that sensitive information sent over the Internet during online transactions remains confidential.
To protect our users, we provide secure private websites for any business that users conduct with us. Users log in to these sites using a valid client number or username and a password. Users are required to create their own passwords, which should be kept strictly confidential so that no one else can log in to their accounts.
We use a multi-layered infrastructure of firewalls to block unauthorized access by individuals or networks to our information servers.
Computer Anti-Virus Protection
We are continuously updating our anti-virus protection. This ensures we maintain the latest in anti-virus software to detect and prevent viruses from entering our computer network systems.
The information you send to one of our secure private websites is automatically verified to ensure it is not altered during information transfers. Our systems detect if data was added or deleted after you send information. If any tampering has occurred, the connection is dropped and the invalid information transfer is not processed.
Glossary
* Cable Modem
* Certification Authority
* Cipher, Ciphertext
* Digital Certificate
* Digital Signature
* End-to-end Security
* Non-Persistent Cookie
* Persistent Cookie
* Public Key Encryption
* Public Key Infrastructure (PKI)
* Secure Electronic Transaction (SET)
* Secure Socket Layer (SSL)
* Security Holes/Bugs
* Smart Card
* Symmetric Key Encryption
* Trojan Horse
* Web Beacon
A procedure, formula or list of instructions that can be used to accomplish a task or to solve a problem. In mathematics and computer science, an algorithm is usually a procedure used to solve a recurring problem.
The process by which individuals and organizations verify each other's identity during the exchange of sensitive and confidential information: on secure websites, customers are usually authenticated using IDs and passwords. Customers can ensure that they are dealing with the party they intend to communicate with by examining the secure website's security certificate.
A software application that interfaces with the Internet and provides a way to locate, display and interact with web pages. Examples include Microsoft Explorer, Netscape, Safari and Firefox.
Devices that provide high-speed Internet access using cable television networks. Like DSL, cable modems offer continuous connection to the Internet without having to dial into an Internet Service Provider (ISP) each time you wish to connect to the Internet.
Temporary storage: e.g. web pages you visit may be downloaded to your computer and stored in your web browser's cache, which is physically located on your computer's hard drive. When you return to a recently visited web page, your web browser can retrieve it from the cache rather than from the web server where the page is hosted. This cuts down the retrieval time and helps minimize Internet traffic.
Certification Authority (CA)
A trusted third party that issues certificates that can be used by individuals or organizations to verify their identity or credentials. Certificates generally contain the certificate holder's name, their public key, an expiration date, a serial number and identifying information about the certification authority that issued the certificate, including their digital signature.
Any method used to turn plain text into an unreadable and meaningless form. Ciphertext is text that has been encoded into this unreadable form. This often involves the use of a mathematical formula to encode plain text into ciphertext and a key to decode the ciphertext.
A small file containing a unique identification number that a website sends to your computer's web browser. When you visit a website, a cookie may be used to track the activities of your browser as well as provide you with a consistent, more efficient experience. The two common types of cookies are persistent and non-persistent. Cookies cannot view or retrieve data from other cookies, or capture files or information stored on your computer. Only the website that sends you cookies is able to read them.
This represents a set of mathematical techniques to encode information so as to make it unreadable by anyone who does not have the correct key. The original text is combined with one or more keys, numbers or strings of characters known only to the sender and recipient. The resulting encoded, unreadable text is known as ciphertext.
A digital stamp that uses encryption to certify where an electronic document came from. Digital certificates allow individuals or organizations to verify each other's identity online. They are issued by a certification authority and contain the name of the certificate holder, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and for digital signatures) and the digital signature of the certificate-issuing authority so that the recipient can verify that the certificate is real.
Like a hand-written signature, this can be added to electronic documents or transactions to provide: authentication (proof that you are who you say you are); non-repudiation (proof that an exchange or transaction took place); and integrity (so that any attempt to alter information would be detected).
Digital Subscriber Line Technology (DSL)
Provides high-speed Internet connections over ordinary telephone lines. Like cable modems, DSL offers significantly better download and upload times than dial-up modems and provides "always-on" connection capability. DSL subscribers can use telephones and surf the Internet simultaneously because the technology separates the signals.
The process of scrambling or encrypting information into a form that cannot be read or understood unless you have the corresponding key. Very similar to a secret code, encryption changes information from being readable to being unreadable and back again using complex mathematical algorithms known as keys. It is not possible to change encrypted information back to unencrypted information without the correct key.
Occurs when information flows from the web server (where the website is physically hosted) to the web browser without passing through any other servers. Information exchanged between the point of origin and the point of destination is encrypted to further ensure security.
A combination of industrial strength computer hardware and software designed to securely separate the Internet from internal web servers, computer systems, networks and databases. Firewalls keep unauthorized Internet traffic off a company's web server or computer network and can be set up to warn network managers if they detect intruder attempts.
In cryptography, a key is a complex mathematical algorithm applied to clear text, readable information, to produce encrypted unreadable information, or applied to encrypted information to change it back to the original readable format. The longer the key, the more difficult it is to decrypt the information should an unauthorized third party intercept it.
A blend of the words "malicious" and "software," malware includes computer viruses, worms, Trojan Horses, spyware and a multitude of other damaging and unwanted software. It is software that is designed to enter or damage a computer system, without the user's knowledge and/or informed consent.
Non-persistent cookies do not permanently record data and they are not stored on your computer's hard drive. Rather, non-persistent cookies are stored in memory and are only available during a single active session. Once a session ends, the cookie disappears. Non-persistent cookies are used primarily for technical reasons, like providing seamless navigation so users can navigate through webpages without having to log on to each separate page they visit.
Persistent cookies are stored on your computer's hard drive where they remain resident until they are either deleted or they reach a predetermined expiration date. Persistent cookies are most commonly used to provide visitors with a customized experience by recording preferences such as how a visitor prefers to have his/her web pages displayed. Additionally, cookies are commonly used to gather statistical information such as the average time spent on a particular page. This kind of information provides insight on how organizations can improve the design, content and navigation of their website.
A software module that adds a specific functionality to a web browser. For example, plug-ins will allow browsers to display various types of audio and video messages or popular Adobe Acrobat (PDF) files.
Public Key Encryption
This process uses a pair of private and public keys that are mathematically related for the encryption and decryption of information. The public key is made widely available to parties who want to communicate with the private key issuer/holder in a secure manner and it is the key used to encrypt the information. The private key is never shared and remains private to the issuer/holder of the public key and is used to decrypt the information.
Public Key Infrastructure (PKI)
Allows users to encrypt sensitive information, so as to exchange it over the Internet in a private manner using special "keys", a public and private key pair that is obtained through a certification authority. The public key infrastructure uses a digital certificate to identify the individual attempting to decrypt information.
Secure Electronic Transaction (SET)
An open technical standard for the commerce industry, developed by Visa and MasterCard, to facilitate secure credit card payment transactions over the Internet. Digital Certificates are used throughout the transaction, verifying cardholder and merchant. SET may be used by software vendors, merchants, financial institutions, and others that pass SET compliance testing.
Secure Socket Layer (SSL)
This protocol was developed by Netscape Communications Corporation to provide a high level of security for Internet communications. SSL provides an encrypted communications session between your web browser and a web server. SSL helps verify that sensitive information (e.g. credit card numbers, account balances and other proprietary financial and personal information) sent over the Internet between your browser and a web server remains private during online transactions.
Faults, defects or programming errors exploited by unauthorised intruders to enter computer networks or web servers from the Internet. As these holes or bugs become known, software publishers develop "patches," "fixes" or "updates" users can download to fix the problems.
A plastic card about the size of a credit card with an embedded microchip where information and applications are stored. Information on Smart Cards can be updated after the card is issued. A Smart Card reader, a small device into which the smart card is inserted, is required to load data onto the card or read information from it.
Software programs that are installed on a user's computer without their knowledge to secretly gather information about the user. This software typically establishes an Internet connection with a third party, who may monitor a user's web surfing habits or engage in malicious monitoring to steal confidential information.
Symmetric Key Encryption
Also known as Private Key Encryption, this uses the same private key shared by the sender and recipient for the encryption and decryption of information. A web browser will generate a new symmetric key each time it opens a secure connection.
A malicious program disguised as a useful or fun program. Trojan Horses are frequently transmitted as files attached to email messages, can be downloaded from websites, or enter a computer via a USB or CD file. When you install the file, it appears as if nothing untoward has happened, but the Trojan Horse installs itself on your computer and may destroy files or create a "back door" entry point that allows an unauthorized individual to gain access to your computer.
Malicious programs often designed as games, image files (JPEG) or screen savers. They are frequently transmitted as files attached to email messages, can be downloaded from websites, or enter a computer via a USB or CD file. Some viruses do damage immediately. Others remain dormant until a date is reached, predetermined by the virus creator, then come alive and destroy files or information. When run (i.e. when clicked on to install the file or play the game), viruses frequently search the Microsoft Outlook address book and send themselves to contacts in the address book without the user's knowledge. Known as self-propagation, this is how viruses can spread like wildfire across the Internet and corporate networks.
Web beacons are very small transparent images (usually 1 x 1 pixel) and are sometimes called clear gifs or action tags. This technology can be used to compile aggregated statistics about website usage patterns, such as how many times a particular link, advertisement or specific area on a webpage is clicked.
A malicious program that replicates itself over a computer network. It does not alter files but resides in active memory of the computer, invisible to the user until massive replication causes a computer to slow or shut down. An example is when a worm infects commercial servers by flooding them with large amounts of data, the volume of which is uncontrollable. This can cause havoc in home PCs and commercial network and web servers. Self-replicating worms generally use email and infected websites to spread across computer networks.