5.1 Vendors shall maintain effective controls to protect the integrity and confidentiality of payment and other personal information consumers provide. Security mechanisms shall be consistent with current industry standards and appropriate to the type of information collected, maintained or transferred to third parties.
5.2 Vendors shall ensure that third parties who are involved in transactions and have access to personal or payment information comply with 5.1.
5.3 In fulfilment of this principle, vendors are encouraged to disclose to consumers the level of security used on their Web site. Vendors are encouraged to use certification services to support security claims and to provide Web site links to these certification services for validation.
