Skip to main content

Security Policy

Security Capabilities and Transmission of Payment Card Data Policy

Squires Manufacturing Limited – Silver Fern Clothing (New Zealand)

1. Purpose

This policy outlines how Squires Manufacturing Limited (“the Company”) protects customer payment card information during online transactions conducted through the Silver Fern Clothing website. It describes the security capabilities, technical safeguards, and data‑handling practices used to ensure that payment card data is transmitted and processed securely in accordance with industry standards, including PCI DSS (Payment Card Industry Data Security Standard).

2. Scope

This policy applies to:

  • All online transactions processed through the Silver Fern Clothing website (https://silverfern.clothing)

  • All systems, services, and third‑party platforms involved in the transmission, processing, or storage of payment card data

  • All employees, contractors, and service providers who interact with payment‑related systems

3. Hosting and E‑Commerce Platform

Silver Fern Clothing is operated by Squires Manufacturing Limited and hosted on the BigCommerce platform. BigCommerce provides secure, PCI‑compliant infrastructure for e‑commerce transactions, including hosting, checkout security, and payment gateway integrations.

4. Security Capabilities

4.1 Encryption of Data in Transit

  • All payment card data transmitted through the website is encrypted using TLS 1.2 or higher.

  • Secure HTTPS is enforced across all pages to prevent interception or tampering of sensitive information.

4.2 No Local Storage of Payment Card Data

  • Squires Manufacturing Limited does not store, process, or transmit raw payment card numbers on its own servers.

  • All payment card information is handled exclusively by PCI DSS–compliant third‑party payment gateways integrated through BigCommerce.

4.3 PCI DSS Compliance

  • BigCommerce and the payment gateways used by Silver Fern Clothing maintain PCI DSS Level 1 compliance, the highest standard for payment security.

  • The Company relies on these certified providers to ensure secure handling of cardholder data.

4.4 Secure Payment Gateways

Silver Fern Clothing uses trusted, PCI‑compliant payment service providers (PSPs), which may include:

  • PayPal

  • Stripe

  • Apple Pay / Google Pay (where available)

  • Other BigCommerce‑approved PCI‑compliant gateways

These PSPs tokenize card data, ensuring that Squires Manufacturing Limited never receives or stores full card numbers.

4.5 Fraud Prevention and Monitoring

  • Integrated fraud detection tools provided by payment gateways include AVS (Address Verification System), CVV verification, and automated risk scoring.

  • High‑risk or suspicious transactions may be declined or flagged for manual review.

4.6 Website Security Controls

Squires Manufacturing Limited implements the following security measures:

  • Regular platform updates and security patches (managed by BigCommerce)

  • Web application firewall (WAF) protection

  • Automated malware scanning

  • Strong password policies and multi‑factor authentication (MFA) for administrative access

  • Access controls based on least‑privilege principles

4.7 Data Privacy and New Zealand Law

The Company complies with the New Zealand Privacy Act 2020, ensuring that personal information is collected, used, and protected responsibly.

5. Customer Responsibilities

To help maintain security, customers are encouraged to:

  • Use secure networks when making online purchases

  • Keep their devices updated with current security patches

  • Report any suspicious activity to Silver Fern Clothing immediately

6. Incident Response

In the event of a suspected or confirmed security incident involving payment card data:

  • The Company will immediately notify BigCommerce and the relevant payment gateway

  • An investigation will be initiated in accordance with PCI DSS guidelines

  • Affected customers will be informed promptly if their data may have been compromised

  • Relevant authorities may be notified as required under New Zealand law

7. Policy Review

This policy will be reviewed annually or whenever significant changes occur to:

  • The Company’s e‑commerce platform

  • Payment processing methods

  • Applicable laws or industry standards

!