Security
Customer security and privacy are the number one priority at Strategic Profits Inc. (SPI). "Internet Shopping," a special
report produced by Ernst & Young and the National Retail Federation, found that Internet security remains the biggest
hurdle for prospective Web purchasers, with almost 70% reporting that they are uncomfortable sending their credit card
number over the Internet. At Strategic Profits Inc. we recognize the importance of security when processing
confidential information online, and we work with leading industry organizations to ensure that our security is at the
highest level available within the industry at any given time. Security Resource Group Inc. provides us with
management and reporting for both our online security and our physical-premises security.
Website Security and Data Encryption
You and your customers are protected when accepting and processing orders online: digital certificates
(provided by Thawte) verify that the site you are doing business with is the site you think it is.
The only difference between Thawte and Verisign is cost. A Thawte certificate costs approximately US$125.00, and a Verisign
certificate costs significantly more. Paying more at Verisign does not give you any more security. If the browser reads https://,
you are secure. Period.
SSL (Secure Sockets Layer) uses the digital certificates to create a secure, confidential communications
"pipe" between two entities. This means all data is encrypted while it travels between the customer and the web
server. At this time 128-bit encryption is the industry standard. You can tell you are on a secure site when
you see the locked padlock or key icon at the bottom of your browser. You should also look for https in the website address.
The "s" in https means "secure". If you can't see the "s" in the browser address before sending your confidential information,
stop the transaction and email the vendor to find out why!
We recommend digital certificates from Thawte and Verisign.
PGP is used for messaging (128-bit CAST), signatures (160-bit SHA-1) and digital key exchange (1028- to 4096-bit
Diffie-Hellman). The PGP Data Suite is rated the highest in the industry to date. The technology is subject
to federal export laws in Canada and the United States.
Credit Card Processing
Encrypted information is processed by our PayPaq™ Server.
Once a credit card is processed, an email receipt is sent to both the customer and the merchant. These receipts
contain no credit card information. Any credit card information is stored on the PayPaq™ Server in a secure
environment and is not accessible to the merchant. This is not a third-party payment system; in other words,
there is no third party that holds your receipts for any period of time before they are released.
Physical Data Security
All sensitive data is housed in the SPI Data Centre. The Centre is an environmentally controlled room with
redundant uninterruptible power supplies (UPS, protecting against AC power surges, brownouts and lightning
strikes), a three-stage fire retardation system, and physical perimeter and device security.
Operational Data Security
Firewall protection is employed that acts as a filter, allowing access only from authorized sources and only to authorized services. As an additional security measure, outbound connections from the servers are permitted on an "as-needed" basis. Intrusion detection systems are also deployed on all servers and monitored for any suspicious behaviour.
Redundancy: Redundant high-speed connections from the Data Centre to four separate Internet backbone
points via completely independent local loop connections.
A failover database server is also provided in case the PayPaq™ server suffers any type of failure or requires a shutdown. This assures 99.7% uptime for our customers' ability to process transactions.
Backup: daily incremental backups, weekly full backups, and monthly backups retained for one year. Two full backup copies are
made each week and stored both on-site and off-site.
Ethical Hacking on the system is also routinely performed.
Freedom of Information and Privacy Act (FOIP) Laws
Strategic Profits Inc. stores no financial information, other than the transaction scripts and forms,
on our servers. All transaction information is stored on the PayPaq™ server.
The rest of the details (name, address, etc.) are passed on to the customer via email (encrypted email is optional).
Only sales/shipping information is stored on the SPI web servers, which are protected by a firewall. Upon request of
the customer, absolutely no consumer information will be stored on the SPI web servers. Upon request of
the customer, the sales/shipping information stored on the SPI web servers can be encrypted.
Transaction details are available from the PayPaq™ server, and the rest of the information is under
the customer's exclusive control.