In November 2020, we introduced a new Security feature to further protect saved payment cards.
Starting in November, when you enter card details to make a purchase we will link the use of this card to the device you are using. If you login from a different device that has not used this card before, we’ll ask you to verify those card details.
Q: What is the security benefit of doing this?
A: This feature protects your cards from being used by someone else in the rare event that an unauthorised person gains access to your account.
Q: I’ve used the same device for a long time, why am i being asked to verify my details now?
A: This is a new security feature we introduced in November 2020 and we are unable to retrospectively link your device and card together.
Q: How do you link my device to the card?
A: We store a cookie on your device with a unique ID, which corresponds to another unique ID for your payment card. When making a purchase, we check to see if your device has the corresponding cookie for the card you are using. These IDs are meaningless to anyone other than us and do not contain any sensitive information.
Q: Where do you store my card details?
A: We never see your card details and they don’t even go through our servers. You input your card details into a page hosted by our payment provider. Your card details are submitted directly to them and they return a unique ID to us that we can use, without knowing your full card details. You can find out more about this in our article about PCI Compliance.
Q: Why am I being asked to verify my card details on the same device I always use?
A: Because we use a cookie to remember your device, it’s possible your cookies have been cleared and therefore we don’t recognise your device anymore. Cookies aren’t saved when you use ‘Private Browsing Mode’ on your browser, or if you are logged in as a different user.