We all have read a lot about data security and its importance. Regardless of the measures taken, no one can guarantee or insure that every internet communication is 100% secure against every form of interception. Having said that, we have taken a number of steps to help maintain the security of your personal information:
We also have retained a third party to verify important information that you should want to know before entrusting your personal information to the forms on this website. This is called “extended verification” and it causes our website name to appear in green on your browser window. You will notice that most “https:” sites do not do this – it’s because it’s a hassle to obtain. It should be important to you because it means that we are not a “fly by night” operation and that we are more than just a website. We really exist and we do business with real customers. Among other things, the third party has verified that:
Caywood Propane Gas, Inc. legally exists as a valid organization or entity in its Jurisdiction of Incorporation (the State of Michigan).
The name Caywood Propane Gas, Inc. matches the name on the official government records of the Incorporating Agency (the State of Michigan Secretary of State).
The Registration Number assigned to Caywood Propane Gas, Inc. by the Incorporating Agency (again, the State of Michigan Secretary of State).
The identity and address of Caywood Propane Gas, Inc.’s Registered Agent or Registered Office (as applicable).
Caywood Propane Gas, Inc. owns or has the exclusive right to use the domain name caywoodpropane.com.
Caywood Propane Gas, Inc. has authorized the issuance of this Premium extended verfication secure socket layer (EV SSL) certificate (we do this to protect you).
So how well does encryption work? Pretty darn well as long as you use a relatively up-to-date browser with 128- to 256- bit encryption. If your browser has that encryption level, even a brute force attempt at cracking the encryption (the process of systemically trying all possible combinations until the right one is found), at least under today’s mathematical standards and knowledge, is unfeasible. Needless to say, we strongly recommend that you make sure that your browser is up to date and that you take active steps to manage the security and privacy settings on your browser.
Here are some commonly asked questions about website and data security:
How do I know I’m really on your Site and that it is safe?
If you receive an email requesting information that contains a link to our website, you need to make sure that it’s really Our site that you are being directed to. How do you do that? The best way is to type our Site name into the browser yourself. The second best way is to look carefully at your browser. Do you see the “https” prefix? Is there a padlock in front of it? Does it appear in green letters or with a green background? If so, click the padlock and make sure that it’s us. When hackers try to fool you with unsecure sites using email they are “phishing.” Only you can prevent becoming a phishing victim by following the safety steps we have described.
Another, more sophisticated form of internet deception is “pharming.” That’s when a hacker tries to hi-jack a website. When hackers do this you wind up at the wrong site even when you type in the correct URL (e.g., mywebsite.com). Our SSL certificate prevents this because the hacker would have to obtain an identical SSL certificate that proves domain ownership. If the hacker tries to fool you with a slightly different certificate, your browser should warn you that the URL (caywoodpropane.com) does not match the SSL certificate presented by the fake web server. If the hacker tries to use a fake certificate used by an untrusted certificate authority, your browser should send you a warning that says “the security certificate was issued by a company you have chosen not to trust.”
How do you protect information I submit to your Site that goes to third parties?
Information that you submit to us from our Site may go to one of two third parties. When you submit a new customer application, place an order, sign up for Pre-Buy or Price-Lock Pricing Options or conduct other business with us on this website, the information is encrypted using the SSL technology we just described above and sent to another SSL certificate encrypted third-party server.
The third parties we use take a number of steps to protect the information that you submit. Among other things, they may go through periodic site security scans to detect common security issues. These scans often are conducted by a third party (a company called Security Metrics) and in accordance with Payment Card Industry Data Security Standards (known as PCI/DSS – we’ll describe this in detail later). Our third parties also state that they follow and comply with a number of governmental and industry standards.
If you make a payment on this website (using a credit card, debit card or eCheck), we are sending you directly from this website to a third-party gateway maintained by a payment processor. Like other third parties we use, our processor takes a number of steps to insure its security and reliability. They are compliant with PCI/DSS standards and take a number of advanced steps to insure compliance (again, we describe PCI/DSS standards in greater detail below).
We use a third party, Go Daddy, to host our website. Go Daddy stores some information submitted by you on our website. They also act as our SSL certificate authority. Go Daddy takes a number of steps to insure that control over our certificate and our website is maintained by us. For security purposes, we will not divulge the details of those steps.
What else do you do to protect my information?
Earlier we mentioned Payment Card Industry Data Security Standards, also known as PCI/DSS. PCI/DSS is a set of industry standards that govern things like standards followed by device vendors and manufacturers, software vendors, credit card and payment processors, and merchants like us. These standards are designed to protect your debit card, credit card and eCash information from fraud.
Under PCI/DSS, we are required to annually complete a Self-Assessment Questionnaire. This annual process requires us to certify that we are taking a number of steps (or not taking certain actions) to protect cardholder information. Among other things:
We have taken steps to verify that our third-party providers are PCI/DSS compliant. This means that they have taken steps with respect to their hardware, software, and business practices and processes. This includes appropriate restrictions on access to information that they store that are PCI/DSS compliant.
We do not electronically store credit card, debit card or eCheck information.
Access to your information is restricted. Only authorized employees may access it and even then, must provide appropriate credentials that go beyond a simple userid and password. Our employees also undergo appropriate background and reference checks before being granted access to your information.
We have completed the PCI/DSS self-assessment and received a certificate from ControlScan. You may review our certificate upon request.