
Website Security Policy
(1) Website Security Measures and Methods
(Organization/Website) recognizes the critical importance of website security to protect users' data from destruction or unauthorized intrusion by malicious or unauthorized parties. Accordingly, a website security measure has been established using advanced data security standards through Secure Sockets Layer (SSL) or Transport Layer Security (TLS) technology. This technology works in conjunction with the HTTP protocol to encrypt data transmitted over the internet every time a financial transaction is conducted through the internet network of (Organization/Website), rendering intercepted data unusable to eavesdroppers. Data encryption serves as the core mechanism for data security, which users can observe from the https:// protocol prefix in the address bar.
SSL is a protocol developed by Netscape in 1995 as a secure connection protocol between web browsers and web servers, or other systems communicating over the internet. SSL encrypts data transmitted to the website to prevent data interception and hacking attempts targeting users' personal information. Furthermore, SSL enables website visitors to verify the authenticity and safety of the website they are visiting by looking for the SSL certificate indicator displayed on the web browser, which signifies that the connection to the website is secure.
TLS is the successor developed from SSL, featuring enhancements to improve connection security and performance. Generally, TLS was developed to resolve certain limitations discovered in SSL and to prevent new forms of cyber attacks. TLS provides higher cryptographic security than SSL, particularly through advanced encryption, which offers superior capabilities in preventing data interception and hacking. Therefore, TLS is superior to SSL due to its optimized security and connection efficiency. Currently, TLS is the widely accepted and universally utilized protocol for secure connections across websites and applications.
At present, TLS 1.3 is the latest version of TLS, offering significant upgrades in security and connection performance. It employs advanced encryption and reduces web server resource consumption during the cryptographic handshake—a process that was a vulnerability in prior versions. In addition, TLS 1.3 improves forward secrecy management and mitigates risks associated with advanced encryption vulnerabilities that could occur when websites transmit large volumes of data.
The recommended minimum SSL/TLS key size is 128 bits, which is considered highly secure, complex to decrypt, and widely implemented to prevent data theft and unauthorized access. However, 128-bit encryption alone may not fully deter brute-force attacks that leverage substantial time and computing resources to crack the key. Therefore, selecting an encryption scheme requires the consideration of other architectural components, such as cryptographic algorithms and network transmission methods, to enhance the overall security of system communications.
QUIC (Quick UDP Internet Connections) is a connection protocol between web browsers and web servers that utilizes the UDP protocol instead of the TCP protocol traditionally used in HTTP and HTTPS. Originally developed by Google, QUIC was designed to improve connection efficiency and security. Since TCP experiences inherent limitations—such as slow congestion control and mandatory data retransmission in the event of errors—it can cause delays in website loading. QUIC provides faster connection establishment speeds than TCP and offers robust security through integrated data encryption and authentication. Furthermore, QUIC allows for easier connection optimization and development without waiting for underlying operating system protocol updates, leading to better long-term connection efficiency and a reduction in vulnerabilities associated with legacy protocols.
QUIC can be implemented via the HTTP/3 protocol; however, support remains restricted to certain web browsers and servers. In the near future, its deployment is expected to become more widespread with broader native support to facilitate ease of installation and utilization.
(2) Supplementary Security Technologies
In addition to the general website security measures and methods stated above, (Organization/Website) utilizes the following advanced technologies to safeguard your personal data:
Firewall: A software system designed to permit only authorized or approved users of (Organization/Website) to pass through the firewall to access data.
Virus Scan: In addition to installing high-efficiency antivirus software with regular updates on all user-serving computers, (Organization/Website) has deployed specialized antivirus software directly on the core server units.
Cookies: Small computer files that temporarily store necessary data on the user's computer to facilitate faster and more convenient communication. Nonetheless, (Organization/Website) highly respects user privacy and consciously avoids the excessive use of cookies. Should the use of cookies be strictly necessary, the organization will evaluate the implementation thoroughly, prioritizing user safety and privacy as core principles.
Auto Log-off: When utilizing the services of (Organization/Website), users should manually log off after finishing each session. In the event that a user forgets to log off, the system will automatically log the session off within an appropriate time frame defined for each specific service to ensure the user's own security.
Electronic Certificates: The deployment of electronic certificates to validate SSL/TLS keys issued by a trusted Certificate Authority (CA) reinforces user confidence. It verifies that the website genuinely belongs to the stated organization, as obtaining a trusted certificate requires the submission of official documentation to verify the legal existence of the entity. Furthermore, these certificates can be revoked if the website loses its credibility. Users can find additional information from the National Root Certificate Authority of Thailand or NRCA Thailand (https://www.nrca.go.th/).
(3) Security Recommendations and Precautions
Although (Organization/Website) maintains high-standard technologies and security methods to prevent unauthorized access to your personal or confidential data, it is generally acknowledged that no security system can absolutely guarantee protection against data destruction or unauthorized access by malicious actors. Therefore, users are strongly advised to comply with the following security recommendations:
Exercise caution when downloading programs from the internet. Always verify the website address (URL) accurately before logging in to prevent credential theft via fraudulent or phishing websites.
Install a reliable antivirus system on your computing device and ensure that the antivirus software is regularly updated to the latest version.
Install personal firewall software to protect your computer from cyber attacks perpetrated by unauthorized external parties, such as crackers or hackers.
