Payecom - where online security counts
Contact Payecom
Payecom Credit Card Payment GatewayPayecom Support
Security and the Payecom advantage
Accept all credit cards on your website or shopping cart

Payecom Security

Payecom utilises a highly refined and specially designed mix of leading edge technologies to deliver a secure service that enables online businesses to accept credit card payments on their website or shopping cart in complete confidence.

THAWTE SSL 128/256 bit Secure Connection
All activity between the customer and Payecom is protected by THAWTE SSL. This means the live connection between a customer and all Payecom merchant online payment systems is encrypted using an algorithm recommended by all major credit card companies and banks for the protection of e-commerce activity online.

2048 bit RSA Cryptography (Encryption)
Payecom utilises 2048 bit RSA cryptograph technology, an exceptionally sophisticated encryption method and one that is recognised by Visa, Master Card, Diners Club and American Express as meeting (in most cases exceeding) their highest level security requirements for data encryption. It is important to understand this occurs on top of and in addition to the SSL encrypted connection that exists between the customer and the merchants secure Payecom payment page.

When using the Payecom ST gateway, approved merchants will be sent this encrypted data directly for decrypting using a key that only exists on one single PC. Unlike when sending credit card details by fax, where the data can be easily read by any fax machine and on any line, with Payecom there is actually only one key in the word that can decrypt specific data encrypted for a specific merchant. An example of 2048 bit encryption appears below...

hQIOA6uyCMgv0eAGEAgA6z1Movg61GMsNdkzupRXhlhSlncbYtTKhBpYbLpAsvDm
2NfBDPIOOoxpN2W/Y4M2ftlX4MdAa7eYIPF5eLKoRq3xKOOXy1w0j3pxEDmGaNKZ
2iYW+Geml8Ep6pNrDy2WnLnZ0Au+QKj+mAyRep7e6ePJmXkGjh9ALuBeQzj2fzf2
A7n5RFeUepYkn+kZYeFgbqGHP14B38+q18EfQNH1ofQZ2x8//YBYEABmNb9z+4UF
+jDM8FQ72HjvINqoCnhy1ijgO4j9AzQABc1LnNXdjss2wyAka3HhNi5XZ7DMaUjO
EoKIoKXBhsbN5jjXm5dZy5vXini6KTSeNDw2hr2F3gf/bLamhNStEonMvKA8D8lI
OEeyNbeIJu1B39mW72LPqLCt4hwxjAd9FxM0uQlUE01RsFt+12FqE9kIDJiaEOg1
cVgWgV9foepz6KS3pOApcrpbOh+FQc1egzOIxNNR1VAS0gbussutgRQcQpimCYC4
Cqw3KavUfAZzT/p+Zez4h1prK1V42vKD9wApMLnw/oLn3nMCe+2j7S/UWofT5c6H
42VBnPFAoijBIqK4sepL08NDgqk5pujj2OdnYv3Vpc0lUJQO2k+EsmezRXmrjiSI
dgXE8EMgpnz7kkwEIbS8/8izVvRq2NyT/xGvUYXCiirgqJXkfK0oKBOvtoQbwn8X
n9LAJwH2S0fFTxgCqdkeeCHX3cn1bFpZRNg4/aXr6ZuqAYbakIIts+E6CHR18CmO
P5YAgeI1vMNwWG3Sg6cbuAuSpFORc0zScHJoqEGsC3dL3bYWa1PfcLTmL/rViFhm
ElC/e7h/VjIZdJ51zyTJwVDvYnaiiSe/P1jKVWaf9JICmgkF97zqO2cPIqcTfvb9
jdbEQpN/ITlvVcpQJo6eDhtH3X/69O+Pb2r8Tq8ulgdVwo4c/9wIkHYKmuv9d2wf
j1ydh1W77nik6Ykg1lQWAI1rP1/jbD9UkIHN/tCNTxOhY5dHq8+9HlXTUg==
=1WqD

No Reporting & Nothing Stored
Payecom does not permanently store any sensitive or private data on its servers. Once the Payecom system has performed its task and the merchant is in receipt of the data, there is no evidence of any transactions having taken place on the Payecom servers. There are no databases, no credit card details stored, no names, no transaction numbers. It is as if the transaction simply never took place. This very important Payecom security feature eliminates one of the key causes of credit card fraud today - the permanent storing of credit card and transaction data online.

Security Advantages of NOT being 'Real Time'
With a 'real time' payment gateway anyone anywhere can enter any credit card number into your merchant account directly from your website. You have no control and no chance to check the order first. If the card is stolen but not reported stolen by the owner then the transaction will be, more than likely, instantly approved. All would seem perfectly normal to the merchant who would then supply the goods or services purchased.

Later, using this example, the merchant will be required by their bank to reverse the amount paid to them or face having it direct debited from their account by their banks internal systems. This is known as a 'charge back' and there is no avoiding it.

But a 'charge back' can mean more than just the merchant losing money, it can also mean the merchant may have lost the product they have shipped out to that "fake" customer. Recovering shipped products after they have been purchased through a "fake" transaction carries with it its own set of costly challenges.

Banks have different policies in regards how they handle "charge backs" with most charging you a hefty fee every time there is a "charge back" on your account. What ever your banks policies the end result will always be the same - a merchant can not keep money from a credit card transaction that was not paid to them or authorised to be paid to them by the rightful owner of the credit card.

However, Payecom is a very different system. It does NOT automatically communicate to your merchant account. It does NOT process the transaction in real time, this is one of Payecom's most powerful advantages. Because Payecom is a manual credit card payment gateway the merchant has the opportunity to check the order and payment details first before they themselves charge the credit card into their merchant account. Using a checking process it is more than possible to identify then delete fake transactions and fraud attempts before they do harm.

While Payecom can not possibly guarantee you will never fall victim to fraud, the Payecom system does inherently put you totally in control of every credit card payment made to you, the checking process and what is entered into your merchant account and what is not.

More Secure than "Card Present" Transactions?
In some ways Payecom may be considered more secure than a "card present" situation. With Payecom you can check the name of the card against the order details, you can check the email address, you can check the physical address, phone number, fax number etc, there are many things you can do to check the validity of the order and payment details - you have much more information to actively work with prior to deciding to charge the card. In a "card present" situation you only have a credit card and a signature, that's it.

Payment Card Industry (P.C.I.) Strengthens Online Credit Card Transaction Security
It is estimated that over 500,000 websites still ask for credit card payments by direct insecure email or by normal HTML forms that simply rely on SSL for security. These are risky and insecure methods. When using an HTML form just under SSL, only the live connection is protected, what happens to the actual credit card numbers beyond that, i.e, how are they stored and protected, is the subject of major concern for banks, credit card providers and indeed credit card paying customers themselves now.

In cases where credit card numbers are sent by normal email or are stored in databases on shared webservers, or in cases where credit card numbers may be broken up, with half being sent via insecure email and the remaining half being stored in databases on insecure shared webservers, these are all methods recently identified by the Payment Card Industry (P.C.I.) as being unacceptable for the safe and secure handling of credit card details online.

The new Payment Card Industry Data Security Standards seeks to, amongst other things, significantly strengthen online credit card transaction security world wide by targeting the mechanics of how credit cards are handled and stored on the internet. Service providers, program developers and others who handle, or create programs to handle, credit card information online are now on notice. What was allowed before may not be compliant today.

Utilising insecure methods to accept credit card payments on websites and shopping carts may now result in a merchants merchant account being suspended by their bank. Or in a worst case scenario, a merchant who actively encourages the insure transporting of credit card data may be held financially liable should something go wrong. Payecom recommends you immediately check with your bank should you have doubts about whether your chosen method used to accept credit card payments online meets with the new P.C.I. DSS requirements.

It is widely believed by industry sources that one of the main reasons why start up and small online businesses resort to risky and insecure methods to accept credit card payments from their websites or shopping carts is due to the prohibitive costs and complexities of "doing things correctly".

Unfortunately few realise that for as little as $29.00 per year for a proper manual merchant account facility at a bank (see Merchant Requirements) together with the single yearly fee for the Payecom gateway, they can be accepting credit card payment via fax machine, telephone, normal mail and through Payecom with extreme safety and security.
Home
Payecom Gateway Overview
Payecom Advantages
Payecom Security
Payecom Requirements
Payecom Pricing
Payecom Integration
Payecom Support
Payecom Live Demo
Payecom Contacts
Payecom F.A.Q.
Order Payecom Now

THAWTE secure server certification

2048 bit super strength RSA encryption

Payecom is shopping cart ready


Privacy Policy | Terms Of Service | Contact Us

Copyright 2006, 2007 © PAYECOM PTY LTD
PAYECOM PTY LTD ABN: 71121370009 | ABRN: BN19948475 | A.C.N. 121370009
PAYECOM requires merchants to have a valid merchant account at a bank that allows merchants to charge credit cards manually into it