Visit eSec Payments Gateway Website Visit SecurePay Website
     

Merchant FAQs

How does the Payment Gateway benefit Web merchants?
eSec's Payment Gateway allows Web merchants to offer credit cards as a payment alternative for Internet business. Payment Gateway Web merchants are fully authorised to process credit card transactions in realtime and get paid in full each day. The commercial benefits of the Payment Gateway include:

  • Overnight settlement
    the cash from authorised transactions goes into the merchant's bank account overnight
  • Zero floor limit
    since all credit card payment requests are processed in real-time, the merchant can accept transactions of any value without seeking independent authorisation from the bank
  • Elimination of re-keying
    credit card transactions no longer have to be re-keyed for batch processing by the bank
  • Cost reduction
    realtime payment authorisation eliminates much of the administrative overheads associated with manual credit card processing

What do I need to get started with eSec's Payment Gateway?
The first requirement is to organise a merchant agreement with one or more of the following Australian banks or financial institutions: American Express, Commonwealth Bank of Australia (CBA), Diners Club, or Westpac (WBC).
To obtain Visa, MasterCard and Bankcard agreements contact CBA or WBC. AMEX and Diners require separate merchant agreements. Please contact the relevant institution.
With each merchant agreement you will receive a merchant number. Once you have this number(s), you should inform eSec. You must also complete a Merchant Agreement and Merchant Information Form, available from the Getting Started menu above.

Where do I find the Payment Gateway Implementation Guide?
The Payment Gateway Implementation Guide is provided online, under the Developer Support menu, above.

How does the merchant reconcile the funds that are deposited in their bank account each day?
The Payment Gateway provides the merchant with daily transaction reports. These are delivered via email. Transactions may also be viewed, searched, printed, refunded, or reversed, in real time via SecurePay's Secure Merchant Login web interface.

I want to provide a service to my clients in realtime. Can I do this without any security problems?
eSec's Payment Gateway has a security feature developed for Web merchants who need to fulfil orders immediately on receipt of payment authorisation from the bank or credit card acquirer. This security feature provides protection against the ability of an untrustworthy Internet user to generate spurious calls to the Common Gateway Interface (CGI) script that alerts the merchant of the credit card authorisation.
The Payment Gateway allows for information to be collected that will only be generated from activity that occurs between the Web merchant's shopping cart environment, the Payment Gateway front-end and the bank. The two sets of information are collected at eSec's server, encrypted with eSec's private key and sent to the Web merchant's server in addition to the standard transaction response.
By using this security feature, the merchant has access to the eSec public key and can decrypt this additional information. This decrypted information is compared to the original information that was returned to the merchant server in the standard transaction response. If the two sets of information are found to match, the merchant server can be certain that the transaction reponse that it has received genuinely originated from the Payment Gateway front-end and that the credit card has been processed. The Web merchant's server may then safely provide the online service to the client.
As the Payment Gateway security feature runs on the Web merchant's server, a Java Virtual Machine (JVM) is required to be installed on the server.

What is a merchant agreement?
A Merchant Agreement is a commercial agreement between a financial institution and the merchant. It allows the merchant to accept credit cards as a form of payment for the goods and services that they sell.

How do I get a merchant number?
Contact the Merchant Services department at Commonwealth Bank, Westpac Bank, American Express, and Diners Club. Contact details can be found under the Getting Started menu, above.

I already have a merchant agreement but it doesn't say anything about the Internet transactions. Is that sufficient?
It might be. You should contact your bank and explain that you want to start sending them transactions from the Internet through the First Data Resources Australia (FDRA) payment switching network.

I have a merchant agreement that allows me to accept credit card transactions from the Internet routed through First Data Resources Australia (FDRA). What's the next step?
See the steps under the Getting Started menu, above.

My Web site already supports a complete shopping environment. Can I use the Payment Gateway?
Yes. The Payment Gateway has been designed to integrate smoothly into a pre-existing Web shopping environment.

I'm not a programmer, and don't have any Java expertise. Does that matter?
You don't need any knowledge of Java to implement the Payment Gateway SSL interface. You just need to understand HTML and CGI, or have access to the services of someone who does.

How is the eSec SSL Web Interface different from Secure Sockets Layer (SSL) used on its own?
The SSL Web Interface has been designed specifically for credit card transaction processing. SSL, on the other hand, is a security protocol only. Although SSL provides a form of client/server security, it cannot provide need-to-know security. For multi-party Internet commerce, the SSL security model fails since information must be decrypted at the facilitators' server (for example, the ISP) and re-encrypted before being sent to the bank. Since most security breaches on the Internet happen at the server, and there is no commercial reason for an ISP to see credit card numbers, SSL provides an inferior security environment for Internet commerce.

I want to use the SSL front-end but would like to be able to offer my clients the optimum protection if they want it. How can I do this?
If your clients use Netscape Navigator (v3 and v4) and Communicator (v4), that have been downloaded from the Internet, then "Fortify" can be used to increase the encryption capability of these browsers during an SSL session. The encryption key length is increased from the usual 40 or 56 bit to a maximum of 128 bit. This piece of freeware will enable your clients to take advantage of the strong encryption capability of the Navigator and Communicator browser.

 
eSec Home | Overview | Advantages | Enhanced Security | Products Overview | Getting Started | Pricing | Partners |
SSL Interface | Integration Interface | Merchant Login Website | Merchants FAQ | Customers FAQ | Software FAQ |
Code Integration Interface | SSL Interface | checkSig Interface |
Redirect Interface Model | Proxy Interface Model | Direct Interface Model | VbV/SecureCode Interface Model |
Logos | Security | Contact Us