This web site uses IP Solutions Gateway, which processes online payments through our online payment service. Your credit card statement will show "Starlight Children's Foundation" or similar as the merchant.
The site forwards your transaction to our ePay payment gateway. The payment details are then forwarded by the payment gateway via an encrypted link to our online payment system for processing. The payment gateway then interfaces with your nominated clearing bank to clear the transaction.
What security precautions are in place to protect against the loss, misuse or alteration of my personal information?
An online payment system is actually safer than traditional credit card handling, because there is no manual handling of credit card details. This site has security measures in place to protect against the loss, misuse and alteration of the information under our control.
The Starlight Children's Foundation utilises IP Solutions International (www.ipsi.com.au) ecommerce services to process its credit card donations. IP Solutions technology is market leading and independently audited to ensure ongoing compliance with the most stringent security requirements within the credit card industry. All online transactions are secured and encrypted using a 128-bit encryption key with SSL public key cryptography. IP Solutions International technology is Level 1 PCI DSS certified and IP Solutions International is a provider of credit card payment services to all of the major banks in Australia.
This web site secures the transmission of your information to the web server with 128-bit SSL or higher encryption, depending on your browser capability.
What is secret-key cryptography?
In secret-key cryptography the same key is used to encrypt and decrypt a message. It is called secret-key because the same key is shared by all communicating parties, who must keep the key a secret in order to maintain confidentiality.
What is public-key cryptography?
In public-key cryptography, a pair of keys is used. One is kept secret (known as the private key) while the other can be freely published (known as the public key). The public and private keys are mathematically related so that data encrypted with one can only be decrypted by the other. This means that data encrypted with the public key can only be read by the owner of the private key, who keeps that private key a secret.
What is a digital signature?
A digital signature is a value computed from a message and the signer's private key. Since it uses the signer's private key, only the signer can generate this value. This makes it impossible for a rogue party to alter the message and generate the correct digital signature for it. The receiver of the digital signature can verify it using the signer's public key. If the digital signature cannot be verified then either the signature is fraudulent or the message has been altered. Our system uses SHA-1/RSA as its digital signature algorithm.
What is a digital certificate?
A digital certificate is a digital document that binds a public key to the identity of a particular entity. It allows a person to use the enclosed public key with the assurance that it belongs to the person identified in the certificate. Digital certificates are issued by a trusted third party known as a Certificate Authority (CA). The CA places its digital signature on the certificate so that a user of the certificate can be assured that the contents of the certificate are bound together and have not been modified. The CA will only issue a certificate to an entity that can provide sufficient identification and can demonstrate that the public key being included in the certificate is their public key. Camtech E-Commerce uses X.509 version 3 as its digital certificate format.
How does the security work in practice?
Step 1: Before a message is sent, a digital signature of the message is generated by the sender.
Step 2: The message, digital signature and sender's certificate are combined and encrypted with a randomly generated secret-key to form the encrypted message.
Step 3: The secret-key is then encrypted using our Payment Gateway's public key to form what is known as a digital envelope. The encrypted message and the digital envelope are then sent to the payment gateway.
Step 4: The payment gateway decrypts the digital envelope using its private key to recover the secret-key, and then decrypts the encrypted message.
Step 5: The payment gateway verifies the integrity and authenticity of the message by verifying the enclosed digital signature and digital certificate.
Step 6: The payment gateway generates an Australian Banking Standard AS2805F (ISO8583) message which is forwarded to the bank for processing in real time.
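Steps 1 to 5 above, as an added example using Node.js's built-in crypto module; it is not the payment gateway's own code. Assumptions: SHA-256 signatures, AES-256-GCM and RSA-OAEP are swapped in as the concrete primitives, the sender's public key stands in for the X.509 certificate, and the names sealMessage, openMessage and SAMPLE are hypothetical.

```javascript
const crypto = require("crypto");

// Constructed demo key pairs; a real deployment uses CA-issued certificates.
const newKeys = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sender = newKeys();
const gateway = newKeys();
const SAMPLE = "donation AUD 50.00 ref DEMO-0001"; // constructed sample message

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Steps 1-3: sign, encrypt under a random secret key, wrap that key for the gateway.
function sealMessage(message, senderPrivateKey, gatewayPublicKey) {
  const signature = crypto.sign("sha256", Buffer.from(message), senderPrivateKey);
  const bundle = JSON.stringify({ message, signature: signature.toString("base64") });
  const secretKey = crypto.randomBytes(32); // fresh secret key per message
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", secretKey, iv);
  const encrypted = Buffer.concat([cipher.update(bundle, "utf8"), cipher.final()]);
  const envelope = crypto.publicEncrypt({ key: gatewayPublicKey, ...OAEP }, secretKey);
  return { envelope, iv, tag: cipher.getAuthTag(), encrypted };
}

// Steps 4-5: unwrap the secret key, decrypt, then verify the enclosed signature.
function openMessage(sealed, gatewayPrivateKey, senderPublicKey) {
  const secretKey = crypto.privateDecrypt({ key: gatewayPrivateKey, ...OAEP }, sealed.envelope);
  const decipher = crypto.createDecipheriv("aes-256-gcm", secretKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  // final() throws if the ciphertext or tag was modified in transit.
  const plaintext = Buffer.concat([decipher.update(sealed.encrypted), decipher.final()]);
  const bundle = JSON.parse(plaintext.toString("utf8"));
  const ok = crypto.verify("sha256", Buffer.from(bundle.message), senderPublicKey,
    Buffer.from(bundle.signature, "base64"));
  if (!ok) throw new Error("signature verification failed");
  return bundle.message;
}
```

A message sealed by a key the gateway does not trust decrypts correctly but is rejected at the signature check, which is the separation between confidentiality (the envelope) and authenticity (the signature).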
Definition of terms used
IP address: When you are connected to the Internet, your computer has a unique Internet ID called an IP (Internet Protocol) address. Most people that connect through a dial-up or broadband service get a different IP address each time they log on. You may have a permanently assigned IP address called a static IP address. It is difficult or impossible for a web site to collect personal information about you (e.g. your name or email address) from your IP address alone, though a static IP address makes this easier.
SSL encryption: SSL (Secure Sockets Layer) is a method by which information transmitted across the Internet is scrambled to the point where it's virtually indecipherable by anyone who might intercept the data before it reaches its destination. Almost all reputable online stores make use of SSL encryption to request credit card information and other sensitive data from their customers. Web pages where SSL encryption is activated are typically identified by a lock or key symbol displayed somewhere in your browser. Refer to your browser's documentation for the specific symbol and location.