If you’ve never purchased online before its understandable that you may feel uncertain about parting with your card details. We have tried to summarise the main concerns about purchasing online and give you a realistic perspective regarding the risk to customers:
Internet, telephone and mail order transactions are all classified as Card not present transactions because the card-holder and card are not physically present for signatures. According to the Association for Payment Clearing Services (APACS), Card not present fraud accounts for around 2% of all card fraud in the UK. APACS have also found that:
Most cases of internet fraud result when card details obtained fraudulently in the real world are then used to purchase online.
The incidence of hackers obtaining card details through merchant databases is very low.
The risk to customers is further reduced if they use a certified organisation to encrypt data.
Your best defence against fraudsters in the real world is to be vigilant with your card; dont carelessly discard receipts with your card number on it; and always check your credit or debit card statements.
There are a number of ways online purchasing can cause your credit or debit card details to fall into the wrong hands:
Your details are passed over the internet through an unsecured pathway.
The merchant knowingly deceives the customer with no intention of supplying the goods or services.
The merchant does not have adequate internal security.
If hackers access merchant databases for credit/debit card details.
In each of these cases it is possible for someone to obtain and use your credit/debit card fraudulently.
Fortunately, there are simple ways for customers to gain protection:
By using merchants eg (The Mid Wales Paragliding Centre) who accept payment through a secure payment service provider (PSP), like sage pay.
Through their credit/debit card acquirer.
Before a merchant can use a PSP they require merchant status from an acquiring bank, in order to obtain this they must meet certain criteria as set out by the bank.
PSPs like Sage Pay act as a third party, so vendors never obtain their customers card details - therefore eliminating the merchants liability for transaction related security issues. The PSP is designed to have very high levels of security so credit and debit card details are protected from hackers.
In addition customers are protected from misuse of their card details through their credit/debit card issuer. If customers find a fraudulent transaction they can issue a notice of dispute with their card provider who will reverse the transaction - this is known as a chargeback.
Sage pays highest priority is to keep sensitive information safe and private while making the online shopping experience as simple as possible.
You have the option to store your credit or debit card details in a secure e-wallet, so when shopping with us in future you need only provide your username, password and preferred payment method. The transaction process is simple and there is a full audit trail of where and how much has been spent. Customers also have the option to shop with complete anonymity.
Sage Pay provides very high levels of internet and physical security to ensure sensitive information is never compromised
Credit/debit card details are secured within 128-bit encrypted sessions.
Sensitive information is stored on a heavily encrypted database that is protected by multiple government approved firewalls.
Additional security measures include a security key that is used to produce an MD5 hash value. Hash values are often used as digital signatures as they cannot be reversed to obtain the original information. They allow the receiver to validate that the information received is identical to that sent.
Sage Pay VSP is designed so the vendor does’nt have to hold sensitive information on their site, should anyone gain unauthorised access to their database the information they obtain will not allow them to recover credit card details or other sensitive information.
The possibility of obtaining sensitive information from the Sage Pay VSP database is minimised due to high levels of encryption; firewall security and the measures taken to ensure the information is indecipherable.
Several forms of physical security and multiple levels of system backup protect the sage pays VSP and database. This makes transaction processing highly reliable and resilient to events such as security breach or power failure.
Only authorised personnel can gain access to the VSP Server and fingerprint identification is required.
Multiple servers are dedicated to particular roles.
The VSP Servers are fed by multiple power supplies and backup generators.
Secondary network connections will activate should the primary network fail.
VSP Servers have multiple connections to banking authorisation and settlement systems.