| 24. PCI-DSS Standard: |
| 1. We choose to comply with Payment Card Industry - Data Security Standard as the UK de-factor security standard. PCI-DSS is an audited inventory of security assets that is mandated by certain finance companies such as Visa and MasterCard. This security standard is also compliant with other similar security standards. |
| 2. A key factor of PCI-DSS is that wireless communications must not be used - wireless can never be secure. An expensive and important part of PCI-DSS is regular penetration testing by audit and white-hat hackers. |
| 3. We offer a bounty to all white-hat hackers for responsible disclosure of and potential vulnerability that can be discovered at any time. A daily challenge is fought out with hackers who try to attack web sites and who get caught out in our honey traps. |