When you place an order with us, in summary:
- We don’t store your full card details
- You can ask us to cancel your payment and remove the details we do store at any time
For more detailed information about our payment process please continue reading our nitty gritty.
When you place an order with us the type of payment made is a commonly used but little known one called a CPA (Continuous Payment Authority). This means that we can process subscription payments as well as additional purchases seamlessly, without having to store any of your sensitive information such as your full credit card details. Clever huh? The credit card networks handle your payments securely in partnership with very select authorised payment processors and your bank. The reason we use CPAs is so we can process subscriptions without our customers having to set up a direct debit with their bank, but with the same guarantee that you are in control and you can cancel whenever you want. For more information on CPAs, click on the MoneyFacts link here.
As of 2015 credit card authorities such as Visa and MasterCard have started rolling out a scheme which automates payment detail updates when customers change or renew cards. Mastercard and Visa have done this in an effort to prevent disruptions to subscriptions and unexpected interruptions of services (like your mobile phone). This means that if your bank is participating in the scheme, there is a good chance that when your card expires your new card details may be updated behind the scenes automatically, saving you the time and hassle of re-organising your payments (and that’s also done without us ever seeing your new card number).
If this automation feels intrusive please get in touch with your bank or card issuer to let them know that you would not like to participate in the scheme as it is them that manage this for your card, not us. This will stop us (and other merchants) providing you with this service. As this process is driven by card networks such as MasterCard and co-operating banks we are unable to prevent your card details from being updated. CPAs are set and cancelled at your discretion. This means that both us and your bank must cancel any payment agreement upon your request.
To be absolutely clear, we don’t store your card details, and in fact, neither does our payment provider. Once your card is authorised, we use a special encrypted key which is unique to the combination of us, you, your card, and the payment provider. It’s using this encrypted key that allows the billing to take place. No one can ever find out your card details from us. And because that key contains a reference to us, no one else could ever use it to take money: it simply wouldn’t work. This is the gold standard of online card security.