William Hill realises that a high level of security is essential in order to protect both ourselves and our customers. Due to the fact that William Hill handles financial transactions and is privy to sensitive information, the entire system has been designed with the utmost attention to data integrity, security and reliability.
All sensitive data are stored in an encrypted format with a key known only to the customer. To ensure the safety of all such data the customer’s password must be entered in order to carry out any transactions where such information is required.
William Hill encrypts all data traffic between our customers and our servers using SSL technology.
In order to limit the risk of website failure, William Hill has multiple redundant servers. This minimises the need for scheduled downtime, and reduces the risk of unscheduled stops.
Since William Hill deals with sensitive information, such as account balances and transactions, any loss of data would be severly detrimental. William Hill has two systems in place to manage this risk: Daily backups are performed of the entire data set; and all operations are continuously mirrored on an off-site machine.
William Hill guarantees payment of all winnings by reserving the total potential losses from both parties once a bet has been matched. This amount is reserved in the customer’s William Hill account until the result has been verified and winnings appropriately distributed.
William Hill uses two independent sources to verify results in order to eliminate the potential for erroneous information. Winnings will not be paid out until the result is confirmed by both sources.
All sensitive data are stored, encrypted with a software key known only to the customer, in the internal database. This database cannot be reached from the outside. It is connected to a separate internal network and thus is not on the same physical circuit as the user-accessible front-end servers. When the information is needed to perform a transaction, the user is asked for his password (which is used to decrypt the information); the front-end then instructs a special communications module to perform the transaction and supplies the password.
The interface module, which is the only means of access to the internal database, relays this instruction to the database, which in turn uses the user-supplied password to decrypt the required information and perform the transaction.
This procedure may seem to be complicated and unnecessary but it has been designed to ensure that not a single piece of sensitive information is, even for a moment, stored in an environment which is linked to the outside world. This in turn means that even if one of William Hill’s servers is compromised, the intruder would not be able to acquire any sensitive data. Furthermore, the use of encryption with a key known only to the customer in question minimises the possibility of internal fraud.
To ensure a high level of reliability, the system has been designed and configured in a way that allows each module to be scaled up independently. Thus it is possible to have multiple redundant servers, minimizing the need for scheduled downtime, and reducing the risk of unscheduled stops.
Since William Hill deals with important and critical information, such as account balances and transactions, any loss of data would be severely detrimental. William Hill has two systems in place to manage this risk: daily backups are taken of the entire data set and all operations are continuously mirrored on an off-site machine. As well as providing a means of recovering from any system failures, William Hill can also readily transfer operations to an alternative location whilst staying online.