Risk and Fraud Management

Payment Express are pioneers of Payment and Billing systems, certified with seamless connectivity for settlement into every bank in Australia and New Zealand, Westpac Pacific Islands and most major banks in the US and UK. For more information on this visit our connectivity page. Payment Express develops software which processes electronic transactions in real time.

Security of credit card information and personal data that is routed via Payment Express is of extreme importance and as such this document aims to outline best practice solutions that Payment Express recommends to all merchants.

Risk and Fraud Management

Security and Infrastructure

Payment Express have a dedicated development and data centre specially designed for payment processing. Payment Express are fully certified and compliant with Visa AIS (Account Information Security) and MasterCard SDP (Site Data Protection) (PCI-DSS) at processor level; using Ernest and Young Risk Management for quarterly scans on systems and full onsite audits, annually.

Payment Express own all internal networking and security infrastructure, including dual Host systems and cold stand-by at the IBM data centre, dual UPS, multi-ohm internet connectivity, failover switches and backup generators. We also have a host system based in Sydney for our Australian customers and a private GPRS network, in Australia and NZ, for wireless payment processing.

Understanding Potential Risks

There is a level of risk involved when accepting credit cards in a 'card not present' situation. Examples of 'card not present' transactions include accepting credit cards over the phone, via fax or via a website. In these cases, it is not possible to validate the signature of the card holder thus increasing the risk of fraudulent transactions. Often, some business types are more susceptible to fraud than others. It is important to understand ways in which fraud can be reduced by incorporating some of the features described in this section.

How can I practice safe online trading?

Payment Express' fully hosted payment solution PxPay 2.0 allows users to process payments on our secure servers. We are fully AIS (Account Information Security) and SDP (Site Data Protection) commonly encompassed as PCIDSS certified. Using our hosted solutions removes the risk from the merchant having to store sensitive credit card information on their servers or databases.

Payment Express hosted solutions provides the end user with a fully encrypted (SSL) payment page and comes pre built with exception handling resulting in reduced website development time and costs.

Cost Savings

No secure certificate (SSL) certificate is required to be purchased as all payment (sensitive) information is collected on our own servers

Reduced cost in development. Payment Express hosted solutions come built with a robust engine for catching exceptions.

Payment Express hosted solutions come packaged with 3D Secure capabilities. 3D Secure is discussed in greater detail in the following sections.

The merchant is covered for all future mandates that banks impose upon them as e-merchants, and will incur no further development or compliance costs.

Tips to Help Mitigate Fraud

Display the Payment Express privacy policy

This is an important step and often shows your customer that you are indeed serious about the way in which you collect information in line with banking requirements, Payment Express mandate this for all integrated solutions as well.

Additional information such as your shipping procedure should also be outlined as either a sub-section of this policy document or as a separate document altogether, should you wish to display more detailed information.

Display the Payment Express logo on your payments pages

It is often comforting for the consumer to know that transactions processed via your application are back-ended by Payment Express. We lead the electronic payments market in Australasia and as a further reassurance, you can provide a link to testimonials from some of our high profile customers.

Draw attention to additional security policies

If you have implemented additional secure processes (e.g. 3D Secure), make this known to the customer. Explain these processes in a clear and comprehensible format.

Display information on your sales / refund policy

This will allow your customer to view your company's policy on sales and refunds. You may also want to include a 'terms and conditions' of sale policy alongside this information as well.

Additional information such as your shipping procedure should also be outlined as either a sub-section of this policy document or as a separate document altogether, should you wish to display more detailed information.

Additional Security Implementations

3D Secure

Authentication Visa and MasterCard have each developed schemes to further protect merchants from fraudulent transactions with Verified by Visa and SecureCode.

Each of these schemes requires the consumer to enter a password, unique to each credit card before a transaction is approved. This additional step requires both the merchant and the card holder to be enrolled as participating members.

Payment Express can make available at no additional cost to merchants using the Hosted Payments Page package a merchant plug-in (MPI) that will enable 3D secure functionality.

Pre-authorisation / Completion ("Tipping")

This is a two step transaction involving a consumer initiating a purchase. This process is particularly useful for merchants that want 'complete control' over their order fulfillment process or have a need to verify that the product is in stock before any money changes hands. To enable this functionality, please contact merchant services at your bank.

Step 1: Pre-authorisation In this step, the consumers' credit card is validated for a predefined amount. If approved, these funds are guaranteed to be available to the merchant for up to 7 days. If for any reason, you decide not to go ahead with completion of this transaction - you as the merchant simply need to take no further action.

Step 2: Completion This is the second step to this transaction. Once the merchant has validated the contents of the order and feels comfortable in fulfilling this, he/she will need to 'complete' the transaction. In this stage, money is 'transferred' between the card holder (consumer) and the merchant.


CVC values are found on Visa and MasterCard and CID values are found on American Express cards. The CVC value is a four digit non-embossed number that is on the back of a Visa and MasterCard. CID values and just above the credit card number on American Express cards, as illustrated below.