Visit eSec Payments Gateway Website Visit SecurePay Website
     

Customer FAQs

How does the Payment Gateway benefit consumers?
The Payment Gateway protects consumers by ensuring that credit card details are revealed only to the bank - not the merchant and not the service provider (eSec/SecurePay). A consumer's confidential payment information is not stored anywhere on the network. Furthermore, consumers can purchase immediately using any Java or SSL compatible browser, without having to retrieve and install additional software. In addition to simplifying the purchasing process and eliminating the problem of version control, this eliminates security risks associated with software such as plug-ins. Finally, when the transaction has been authorised, the consumer receives an authorisation number from the bank for their records.

What information does the consumer have to enter to pay for purchases with a credit card?
The consumer must enter their name as it appears on the card and their credit card number. They also must select the card's expiry date and the type of credit card. The dollar amount of the purchase is gathered from the merchant's Web site using a script. The final step is to click the purchase button.

Why are credit cards the best way to pay for most Internet purchases?
Credit cards offer a number of advantages over alternative payment methods in Internet commerce, particularly digital cash:

  • Consumer familiarity
    customers are already accustomed to paying for goods and services in situations where the cards do not have to be physically presented, such as purchasing over the phone
  • Regulatory protection
    with credit cards, the issuer bears the risk of theft or loss. (In Australia in instances where the card is not physically presented, the merchant, not the consumer, bears the risk of fraud.) No regulations exist to protect consumers from fraud or loss associated with digital currency. Also, if digital cash resides on the hard drive, consumers must worry about PC theft and hard drive crashes
  • Loyalty programs
    these represent an increasingly important incentive to use a credit card. Many consumers use credit because of benefits like frequent flyer points, rebates, extended warranties and so on
  • Established names
    compared with start-up companies specialising in digital cash, credit cards are issued by household names such as Visa, Mastercard and American Express

Why should an Internet consumer trust the eSec Payment Gateway?
The Payment Gateway implements need-to-know security for credit card payments over the Internet. Need-to-know security in this case means that the only party who sees a consumer's credit card is the bank, not the merchant and not the service provider. (Note that the merchant only needs to know that the transaction has been authorised, it doesn't need to know credit card numbers.) The Payment Gateway ensures that this confidential information remains encrypted all the way to the banking network. To enforce this unique security system, the Payment Gateway employs internationally recognised encryption algorithms such as RSA(r), RC4(r) and SHA. The security of the software is not compromised by U.S. export legislation. Key lengths are variable and can be periodically increased to keep pace with the ever-declining cost of computing power. In its current state, the Payment Gateway accepts variable length RSA keys and uses 128-bit RC4 keys.

Does the eSec Payment Gateway require Internet consumers to have any special hardware or software?
No. The Payment Gateway has been designed to run on a variety of hardware platforms and operating systems. Consumers need only a Java or SSL compatible browser.

How is the Payment Gateway different from Secure Sockets Layer (SSL)?
The Payment Gateway has been designed specifically for credit card transaction processing. SSL, on the other hand, is a security protocol only. Although SSL provides a form of client/server security, it cannot provide need-to-know security. For multi-party Internet commerce, the SSL security model fails since information must be decrypted at the facilitators' server (for example, the ISP) and re-encrypted before being sent to the bank. Since most security breaches on the Internet happen at the server, and there is no commercial reason for an ISP to see credit card numbers, SSL provides an inferior security environment for Internet commerce.

How can SSL provide stronger encrytion than is currently available on my browser?
If you use Netscape Navigator (v3 and v4) and Communicator (v4), that have been downloaded from the Internet, then "Fortify" can be used to increase the encryption capability of these browsers during an SSL session. The encryption key length is increased from the usual 40 or 56 bit to a maximum of 128 bit. This piece of freeware will enable you to take advantage of the strong encryption capability of the Navigator and Communicator browser.

 
eSec Home | Overview | Advantages | Enhanced Security | Products Overview | Getting Started | Pricing | Partners |
SSL Interface | Integration Interface | Merchant Login Website | Merchants FAQ | Customers FAQ | Software FAQ |
Code Integration Interface | SSL Interface | checkSig Interface |
Redirect Interface Model | Proxy Interface Model | Direct Interface Model | VbV/SecureCode Interface Model |
Logos | Security | Contact Us