17 May 2012
     
     
Terms of Use

Security Statement

While the Internet is not an inherently secure environment for communication, Internet communication can be made safer by the application of appropriate technology as we have done (see below). Internet security, however, is not solely a "technology" issue. Common sense and normal practice in safeguarding personal and transaction data are of equal importance. "Hackers" need a "door" to get into the system. Often, access through this "door" is provided to "hackers" due to simple carelessness in the physical distribution of sensitive documents and the handling of sensitive data (such as passwords or personal identification numbers). Users must, therefore, handle such sensitive documents and data with extreme care.

We take security matters very seriously and treat all personally identifiable information obtained from users of our websites as confidential. In addition to the firewalls and other sophisticated equipment implemented, we also provide and maintain the following measures to protect our system ("ESD System"), and the information and data contained in it, from accidental or malicious disruption or destruction.

  • Adopt Security Standards

    We will adhere to the international standards to ensure transaction integrity and protect confidential information. Such standards relate to, for instance:

    (i) business and information privacy practices,
    (ii) transaction integrity and
    (iii) information protection.

  • Internal Guidelines on Access to Personally Identifiable Information

    All of our staff will adhere to our internal Guidelines on Access to Personally Identifiable Information drawn up to restrict access to personal data to only the members of staff who have legitimate needs to have such access.

  • Support Digital Certificates Issued by the Hong Kong Post

    To protect information transferred over the Internet and to uniquely identify individuals, the ESD System supports the Public Key Infrastructure (PKI) implemented by Hong Kong Post, a trusted certificate authority. The PKI, via the issuance of digital certificates and the use of public key cryptography and digital signatures, enables the authentication of user identities and ensures security and integrity of transactions conducted over the Internet.

    We also employ 128-bit encryption to encode all communications of sensitive data. Encryption enables users to continuously send encoded information back and forth across the Internet with a high degree of security.

  • Implement Secured Online Payment

    Online payments supported by the ESD System are protected through the Secure Sockets Layer (SSL) and the Secure Electronic Transaction (SET) mechanisms. Payment details are encrypted under the SET/SSL protocol and transmitted directly to the relevant bank for payment approval and settlement. In addition, a physical security check through card swiping is required for payment transactions conducted through kiosks.


USERS ARE RESPONSIBLE FOR KEEPING THE PASSWORDS OF THEIR DIGITAL CERTIFICATES CONFIDENTIAL. WE ENCOURAGE USERS TO CHANGE PASSWORDS PERIODICALLY. IF THE USER SUSPECTS A BREACH IN THE SECURITY OF THE DIGITAL CERTIFICATE, PLEASE CONTACT THE CORRESPONDING CERTIFICATE AUTHORITY (E.G. HONG KONG POST) IMMEDIATELY. IN THE CASE WHERE A USER ALLOWS AN UNAUTHORISED INDIVIDUAL TO GAIN ACCESS TO HIS/HER DIGITAL CERTIFICATE AND THE PASSWORD, ESD SERVICES LIMITED WILL NOT BE HELD RESPONSIBLE FOR ANY CONSEQUENCES RESULTING FROM THIS ACTION.


Enquiries:

If you have any questions or concerns regarding our Security Statement, or if at any time you feel your privacy has been breached, please contact:

ESDlife Customer Service Department
Unit 1209, 12/F Two Harbourfront
22 Tak Fung Street
Hunghom, Kowloon

Tel: (852) 3151 2222
E-mail: support@esdlife.com

GLOSSARY:

Authentication:

Authentication is the process that verifies a user's identity to ensure that a person requesting access is, in fact, the person to whom entry is authorised.

Certificate Authority (CA):

Certificate authorities (CAs) issue digital certificates and validate the holder's identity and authority. Public Key Infrastructure (PKI) and digital certificates are most trustworthy when vouched for by a trusted CA.

CAs embed an individual's or an organisation's public key along with other identifying information into each digital certificate and then cryptographically "sign" it as a tamper-proof seal, verifying the integrity of the data within it and validating its use.

Digital Certificate:

A digital certificate is an electronic file issued and digitally signed by a trusted third party, a Certificate Authority (CA), which verifies the identity of the certificate's holder.

Digital Signature:

A digital signature is a unique string of bits that is separately generated for each message, 'signed' by the private key of the sender, and appended to the message prior to being forwarded to the intended recipient. By verifying the signature using the public key of the sender, the receiver will be able to confirm the identity of the sender and be certain that the message has not been altered during transmission.

In this way, digital signatures provide:

  • Authentication: proof of identity of the parties to an electronic transaction;
  • Integrity: assurance that the contents of a message have not been tampered with or modified;
  • Non-repudiation: proof of agreement to the terms of the transaction and prevention of denial of commitment.

Public Key Cryptography:

Public Key Cryptography or Asymmetric Cryptography forms the basis of digital signatures and Public Key Infrastructure. This technique makes use of a pair of mathematically related, but different keys - a private key and a public key. The private key is kept secret and is only accessible to its owner; the public key is intended for wide distribution.

The public key can be used to verify a message signed with the private key, or to encrypt messages that can only be decrypted using the private key.

Public Key Infrastructure (PKI):

Public key infrastructure (PKI) is the combination of software, encryption technologies, and services that enable the security of communications and business transactions over the Internet.

PKIs integrate digital signatures, public key cryptography, and certification authorities into an enterprise-wide network security architecture.