Risk and fraud management
Direct Payment Solutions are pioneers of Payment and Billing systems; certified with seamless connectivity for settlement into every bank in Australia and New Zealand, Westpac Pacific Islands and Citibank in Singapore. DPS develops software which processes electronic transactions, in real time.
Security of credit card information and personal data that is routed via Payment Express® is of extreme importance and as such this document aims to outline best practice solutions that DPS recommends to all merchants.
DPS have a dedicated development and datacentre specially designed for payment processing. DPS are fully certified and compliant with Visa AIS (Account Information Security) and MasterCard SDP (Site Data Protection) (PCI-DSS) at processor level; using Ernest and Young Risk Management for quarterly scans on systems and full onsite audits, annually.
DPS own all internal networking and security infrastructure, including dual Host systems and cold stand-by at the IBM datacentre, dual UPS, multi-ohm internet connectivity, failover switches and back up generators. We also have a host system based in Sydney for our Australian customers and a private GPRS network, in Australia and NZ, for wireless payment processing.
There is a level of risk involved when accepting credit cards in a ‘card not present’ situation. Examples of ‘card not present’ transactions include accepting credit cards over the phone, via fax or via a website. In these cases, it is not possible to validate the signature of the card holder thus increasing the risk of fraudulent transactions. Often, some business types are more susceptible to fraud than others. It is important to understand ways in which fraud can be reduced by incorporating some of the features described in this section.
How can I practice safe online trading?
DPS offer a fully hosted solution, in which users can process payments on our secure servers. DPS are fully AIS (Account Information Security) and SDP (Site Data Protection) commonly encompassed as PCIDSS certified. Using our hosted solutions removes the risk from the merchant having to store sensitive credit card information on their servers or databases.
DPS hosted solutions provides the end user with 128 bit encrypted (SSL) payment page and comes pre built with exception handling resulting in reduced website development time and costs.
Cost Savings
- No secure certificate (SSL) certificate is required to be purchased as all payment (sensitive) information is collected on DPS’ servers
- Reduced cost in development. DPS hosted solutions come built with a robust engine for catching exceptions.
- DPS hosted solutions come packaged with 3D Secure capabilities. 3D Secure is discussed in greater detail in the following sections.
- The merchant is covered for all future mandates that banks impose upon them as e-merchants, and will incur no further development or compliance costs.
Every merchant will agree that ensuring their customers have the most convenient means of shopping is the best way to trade online. It is also important to take into consideration the following:
Display the DPS privacy policy
This is an important step and often shows your customer that you are indeed serious about the way in which you collect information in line with banking requirements, DPS mandate this for all integrated solutions as well.
Additional information such as your shipping procedure should also be outlined as either a sub-section of this policy document or as a separate document altogether, should you wish to display more detailed information.
Display the DPS logo on your payments pages
It is often comforting for the consumer to know that transactions processed via your application are back-ended by Direct Payment Solutions. DPS lead the electronic payments market in Australasia and as a further reassurance, you can provide a link to testimonials from some of DPS’ high profile customers.
Draw attention to additional security policies
If you have implemented additional secure processes (e.g. 3D Secure), make this known to the customer. Explain these processes in a clear and comprehensible format.
Display information on your sales / refund policy
This will allow your customer to view your company’s policy on sales and refunds. You may also want to include a ‘terms and conditions’ of sale policy alongside this information as well.
Additional information such as your shipping procedure should also be outlined as either a sub-section of this policy document or as a separate document altogether, should you wish to display more detailed information.
Additional Security Implementations
3D Secure
Authentication Visa and MasterCard have each developed schemes to further protect merchants from fraudulent transactions with Verified by Visa and SecureCode.
Each of these schemes requires the consumer to enter a password, unique to each credit card before a transaction is approved. This additional step requires both the merchant and the card holder to be enrolled as participating members.
DPS can make available at no additional cost to merchants using the Hosted Payments Page package a merchant plug-in (MPI) that will enable 3D secure functionality.
Pre-authorization / Completion (“Tipping”)
This is a two step transaction involving a consumer initiating a purchase.This process is particularly useful for merchants that want ‘complete control’ over their order fulfillment process or have a need to verify that the product is in stock before any money changes hands.
To enable this functionality, please contact merchant services at your bank.
Step 1: Pre-authorisation In this step, the consumers’ credit card is validated for a predefined amount. If approved, these funds are guaranteed to be available to the merchant for up to 7 days. If for any reason, you decide not to go ahead with completion of this transaction – you as the merchant simply need to take no further action.
Step 2: Completion This is the second step to this transaction. Once the merchant has validated the contents of the order and feels comfortable in fulfilling this, he/she will need to ‘complete’ the transaction.
In this stage, money is ‘transferred’ between the card holder (consumer) and the merchant.
CVC values are found on Visa and MasterCards and CID values are found on American Express cards. The CVC value is a four digit non-embossed number that is on the back of a Visa and MasterCard. CID values and just above the credit card number on American Express cards, as illustrated below.
