Accept Credit Cards On Your Website

The online business owner, otherwise known as the 'merchant', finally enjoys total control of their e-commerce business, reduced costs and greatly improved levels of protection.

• A much less expensive system to begin with. No gateway transaction fees and e-Path is one of the all time most affordable credit card payment gateways.
  
• Easy to connect to. No special programs or server side configurations needed.
• No costly SSL or dedicated IP address needed for your website. Your gateway will be fully protected by THAWTE SSL provided by e-Path.
• No PCI DSS compliance certification needed for your website because your website doesn't touch credit card data. Your secure e-Path gateway is PCI DSS compliant which means you will be accepting credit cards online in accordance with PCI requirements.
• Your merchant account is completely removed from the vulnerabilities of the open internet. Gone are the days when anyone anywhere can transact a stolen credit card 'live' into your merchant account without you knowing then you have to wear the cost of the loss down the track. That insane risk ends with e-Path.
  
• You decide what online credit cards payments you accept.
• You decide what online credit card payments are charged into your merchant account.
  
• If you have an existing EFTPOS terminal approved to allow card not present transactions to be entered (MOTO enabled), then you may not need another merchant account at all.
• If you need a merchant account from a bank then the manual merchant account type can in some cases be cheaper than an internet only based merchant account facility.

Despite the best efforts from within the industry near 75% of all credit card fraud can be traced back to credit card data being compromised (hacked, copied, stolen, etc.) when stored on internet accessible storage devices.

Even with this undeniable risk third party payment gateway processors still permanently store credit card data in internet accessible devices to this very day. They have no choice because this is how the third party online processing system was designed all those years ago. This is how the system operates.

So serious is this risk to the security of sensitive credit card and personal identity data that many hundreds of millions of dollars are spent each and every year in the relentless pursuit to protect permanently stored credit card details from 'hackers' and 'cyber criminals'. The PCI DSS itself was born from a critical need to help counter this very vulnerability (amongst others).

Ever evolving techniques and methods invented by unscrupulously individuals means the battle to defend against these threats is an ongoing one, day after day, week after week. Unfortunately sometimes hackers get in - ZDNet Australia, CNN Money, msnbc.

However, with e-Path this utmost serious vulnerability simply no longer exists.

e-Path has been engineered to eliminate the need for credit card data to be permanently stored online once and for all. Therefore, e-Path terminates the very core reason why credit card details potentially become available to 'hackers', 'fraudsters' and 'cyber criminals' in the very first instance.

Once the business owner is in receipt of their customers credit card charge authorisation, as far as e-Path and the internet is concerned it is as if that online payment never occurred in the first place. Nothing is permanently stored by e-Path on the internet. No names, no card numbers, no expiry dates, nothing.

For the first time cardholders can now pay by credit card online using a secure payment gateway and not be worried about their credit card details being permanently stored in some database or in some storage device somewhere by the gateway.

For the mainstream e-commerce industry it means a brand new supreme level of security for sensitive card data has finally arrived - when credit card data doesn't exist anywhere in any online permanent storage device or system then credit card data can't possibly be stolen or compromised. You can't thieve something that doesn't exist!

When a bank provides a business owner with a manual merchant account facility to enable that business owner to charge credit card payments received online through e-Path, the banks exposure to direct risk can be greatly reduced than when compared to if it were supplying an internet based merchant account facility connected up to a third party real time payment processing type gateway.

While card not present transactions are still a relatively high risk transaction type, the fact is a manual merchant account will never allow anonymous online individuals to directly and automatically transact a stolen credit card live into it, the ability of which is the number one reason why fraud is so easily perpetrated anonymously online today.

With the current third party 'real time' processing gateway/internet based merchant account system anyone anywhere can anonymously enter any credit card they like online for it to be communicated live directly with the merchant account of a business owner without the business owner even knowing. It can be well argued that the third party gateway online processing system's actual design has inadvertently created the perfect made-to-measure tool for 'fraudsters' and 'cyber criminals' to facilitate their illegal activities on the internet in the first place.

To counter this, anti-fraud screening services such as 3-D Secure™, Verified By Visa™, Master Card Secure Code™ etc., can be deployed to defend against this open vulnerability. Each are highly potent and powerful automated fraud screening systems that are continually being improved upon. But circumstances need to be right for them to be effective.

There is a crippling $600 million fraud cost (and growing) each year that more than suggests automated fraud screening systems have a little way to go before they can unequivocally guarantee 100% protection for the online business owner against falling victim to fraudsters instantly transacting stolen credit cards into a live gateway and thus directly into the merchant account of the online business owner.

However, when e-Path is the gateway, for the first time banks can now provide a manual merchant account service to transact credit cards received online where only the legitimate bank approved merchant account owner is the only one performing the charge into the merchant account.

The merchant account facility is not being left open and accessible to the entire population on the internet and will not allow anonymous individuals to transact any credit card they like into it live on the net - that appalling vulnerability is completely eliminated when a manual merchant account is used. Therefore, overall exposure to direct risk for both the business owner and the bank itself is greatly reduced.

The end result of this is not only substancial potential cost savings for both the online business owner and the bank itself but also they both are making a tangible overall contribution towards reducing online credit card fraud.

Fraudsters and cyber criminals suddenly no longer have the means to anonymously transact stolen credit cards 'live' on the net and get the live transaction response they look for. This wide open door is shut permanently closed when e-Path is the gateway and a manual merchant account is the merchant account facility.

The bank will also be aware that with a manual merchant account the business owner now has the opportunity to check highly pertinent details about the buyer and order prior to deciding to charge the card. This means the business owner has the chance to identify and terminate any fraudulent payment attempts prior to them doing any harm - again, something that is not possible when accepting credit cards online 'live' on the net via a third party 'real time' processing gateway system connected to an internet only based merchant account facility.

The fact that banks can now supply merchant account facilities that will only allow approved merchant account owner access as opposed to allowing full and open anonymous access from anyone anywhere on the entire internet represents a benchmark tightening-up of a core vunerability that banks have always previously had to deal with, and factor in the cost of, when providing merchant account facilities for accepting credit cards online.

We of course can not speak on behalf of card vendor companies, but the fact they can now supply their credit card product to consumers to engage in online e-commerce knowing their product will no longer be permanently stored in any form of internet accessible database or storage device, we assume, must be considered as a tangible positive.

Recently 40 million credit cards were stolen from a third party payment gateway processor, see - ZDNet Australia, CNN Money, msnbc. It is estimated to cost card vendors around $10.00 to replace a single credit card. That's a 400 million dollar cost just on replacing the stolen credit cards alone, not even taking into account the cost of the fraud that was involved.

Yet, had e-Path been the credit card payment gateway not a single credit card would have been permanently stored anywhere online in the first place, therefore, not a single credit card could have possibly been stolen. You can't thieve something that doesn't exist.

We do not want to infer or imply card vendors have a particular attitude or view towards the new e-Path service one way of the other, however, we can safely assume there would have been some serious 'back patting' had they been saved from having to spend 400 million dollars, not to mention the enormous cost that also could have been saved that was incurred by every business around the world that supplied products or services purchased with those stolen credit cards.