Security

pallmalltravel.com is a completely safe and secure online environment. You can be confident that we’re taking care of all your security concerns.

Our secure server
Every credit card purchase you make at pallmalltravel.com is done through our Secure Server Technology. This provides many security features, including:

Authentication: this assures your browser that your data is being sent to the correct computer server, and that the server is secure.

Encryption: this encodes the data, so that it cannot be read by anyone other than the secure server.

Data Integrity: this checks the data being transferred to ensure it has not been altered.

Why pallmalltravel.com is so secure
Please be assured that your credit card transaction is protected and secure. We are so confident that shopping on pallmalltravel.com is secure we offer this Guarantee:

In the extremely unlikely event that that your card is used fraudulently as a result of a transaction on the pallmalltravel.com site, we will reimburse any money lost.

You are only ever liable for up to £50 in a fraudulent transaction, the credit card company will pay the rest. We will pay this amount plus an extra £20 for the inconvenience.

We have utilised the most advanced security technology for all credit card transactions in order to create a safe and convenient shopping experience for you.

Technical terms explained
Our secure server software encrypts information, ensuring that Internet transaction stay private and protected. pallmalltravel.com uses a security protocol called "SSL3".

What is SSL?
Recent developments in browser/server technology have made it easy for people to use Web services without worrying about electronic fraud. Two examples are Secure Sockets Layer (SSL) developed by Netscape, and Secure Hypertext Transfer Protocol (S-HTTP) developed by Terisa Systems, Inc. Both of these security protocols have been submitted to the Internet Engineering Task Force (IETF) as an Internet-Drafts. Basically, these protocols allow the browser and server ends of a Web session to authenticate one another and secure information which subsequently flows between them. Through the use of cryptographic techniques such as encryption and digital signature, these protocols:
Allow Web browsers and servers to authenticate each other; Permit Web site owners to control access to particular servers, directories, files or services; Allow sensitive information (e.g., credit card numbers) to be shared between browser and server, yet remain inaccessible to third parties; and Ensure that data exchanged between browser and server cannot be corrupted - accidentally or deliberately - without detection.

Public key certificates
A key component in the establishment of secure Web sessions via the SSL or S-HTTP protocols is the public key certificate. Without authentic and trustworthy certificates, protocols like SSL and S-HTTP offer no security at all.

The credentials used to authenticate Web servers and their clients via protocols such as SSL and S-HTTP are called X.509 public key certificates. A public key certificate is analogous to a passport, in that it proves your identity and is authorized by a trusted third party known in the security world as a Certification Authority or CA (see below). In the passport analogy, the CA is similar to the Passport Office, which verifies your identification, creates a recognized and trusted document which certifies who you are, and issues the document to you.

CA's and third party trust
A Certification Authority (CA) is a trusted authority responsible for issuing certificates used to identify a community of individuals, systems or other entities which make use of a computer network.

By digitally signing the certificates it issues, the CA binds the identity of the certificate owner to the public key within the certificate, and thereby vouches for the trustworthiness of the certificate. Network users possess the CA's own public key certificate (sometimes referred to as the "root key"), and use it to verify others' certificates. In doing so, they have assurance that the public keys in those certificates are the authentic keys of the named subjects, and know that the CA (whom they recognize and trust) vouches for this binding. The CA plays a crucial role in Web security, since the CA makes a third-party trust relationship possible.

In a large, distributed and complex network such as the Web, the third-party trust model is necessary since there are many permutations of dynamic, client-server relationships. Servers and clients may not have an established mutual trust; yet both parties want to have secure sessions, which demands a foundation of trust. The CA is the missing link which makes trusted Web sessions a reality. Because each party in the session trusts the CA, and because the CA has vouched for each party's identification and trustworthiness by signing their certificates, each party recognizes and has implicit trust in the other, so the secure session can proceed without the risk of masquerading. Further, since the two authenticated parties exchange public key certificates, they can encrypt and digitally sign session data, removing the possibility that others may eavesdrop on the session or tamper with data.