Payment Gateway Questions & Answers

In this section we answer the most commonly asked questions received by e-Path. Please feel free to contact us should you have a question not covered here.



Q. Do I need a merchant account to use e-Path?
A. Yes. You need to be able to charge the credit cards e-Path has safely handled and delivered to you in exactly the same way as you would if someone faxed through an order with their credit card details on it, paid you over the phone quoting their credit card details or sent you a completed mail order with payment or if they handed you their credit card in person. It is the merchant account, not the gateway, that actually settles funds from a credit card transaction into your account.

Q. Is it really true e-Path doesn't charge credit card transaction fees?
A. Yes it is true. e-Path is a credit card payment gateway that does not charge credit card transaction fees.

Q. Can I use a merchant account from any bank to charge credit cards from e-Path?
A. Security of cardholder data is of critical concern to e-Path not only during our own processes but also what occurs afterwards. e-Path is aware of the PCI compliance of merchant facilities and their interfacing methods from many Australian banks including Commonwealth, ANZ, NAB, Bank of Queensland etc., as well as numerous security conscious and PCI aware overseas located banks.

Therefore, if your merchant account facility and its interfacing method from these and other approved banks is PCI compliant and is approved by the bank to allow you to process card-not-present/non-face-to-face transactions through it, you may certainly charge credit cards into it that you safely receive via e-Path. Absolutely.

Q. I already have a shopping cart connected up to a live payment processor. I have been hit with charge back after charge back. Fraud has cost me a fortune, I've just about gone broke. My bank and my real time payment gateway people tells me there's nothing I can do about it. But then I found your web site. Can you guarantee if I switch to e-Path as my payment gateway I will never get another fraud payment transacted automatically online and into my account without me knowing again? I need a firm guarantee please.
A. Firstly, yes there is most certainly something you can do about it. And secondly, we ABSOLUTELY POSITIVELY GUARANTEE your merchant account facility will never receive another automated fraud transaction live on the internet without you knowing. Nothing gets into your merchant account without you checking all details first then approving it and entering it yourself.

However, you will still be accepting card-not-present/non-face-to-face credit card payments so there is always the risk someone will 'try' to fool. You will need to stay vigilant and utilise the opportunity to peruse through highly pertinent details about the buyer and order first before you decide to charge the card.

Your merchant facility and its input interface from your bank will of course have all the fraud screening systems and mechanisms as required by card vendors but with e-Path this is IN ADDITION to you having full control over whether to accept the online order and charge the card or not in the first place.

Therefore, e-Path gateway owners enjoy a significant security advantage over those that use other systems that attempt to charge the card live online blindly without the business owner even knowing.

Have a read of e-Path's eCommerce Payment Gateway Blog on this very subject.

The days where fraud is transacted live and blindly on the open internet and into your account without you knowing are ended the moment e-Path becomes your payment gateway. This is something we absolutely guarantee.

Q. I already have an EFTPOS terminal, can I use this to charge payments I get from e-Path instead of having to pay for another separate merchant account?
A. Yes absolutely. You can utilise your existing EFTPOS terminal to charge card card-not-present/non-face-to-face payments you receive. However, you will need to ensure your EFTPOS merchant facility provider is fully aware and approves you transacting card-not-present/non-face-to-face transactions into it. This is usually referred to as MOTO (mail order telephone order) or MST (merchant submitted transaction) enabling your service.

You will also need to ensure you are handling credit card details in compliance to PCI rules. If your bank is allowing you to accept card-not-resent/non-face-to-face credit card payments they will have already provided you with details on how to ensure credit card details in your possession (for example from a faxed order, telephone order or postal mail order) remains secure. In e-Path's case you are required to destroy this data once you have performed the transaction. Once this data does not exist security becomes a complete non issue and so does any liability under PCI.

Q. I have a real time online payment processing gateway but only use its virtual terminal to enter credit cards into it myself. I agree with everything you say on your site about the security advantages of being in control - bloody insane to accept everything live on the net behind my back and not be aware. I now need a PCI compliant way to receive credit card payments online and your gateway looks perfect. Can I use e-Path and still use my virtual terminal from my real time gateway?
A. Yes you can. What you use to interface with your own merchant account facility is up to you. Our only requirement is that it is PCI compliant and approved by the provider to enter card details received from card-not-presnt/non-face-to-face means.

However, you don't really have to keep your real time payment gateway virtual terminal because most banks have a variety of less expensive virtual terminal merchant facilities of their own. There are even bank supplied Smartphone apps now that allow you to interact with your own merchant account yourself.

Q. In terms of the actual credit card security my friend tells me doing it manually is not as secure as doing it by a real time payment gateway because I would see the credit card details. Is this unsafe?
A. No, that's not entirely correct. It is actually the opposite by quite a margin.

Have a read of e-Path's eCommerce Payment Gateway Blog on this very subject.

And here are some facts ....

The overwhelming majority of the worlds credit card and identity data theft can be either directly or indirectly attributed to data being compromised (hacked into, stolen, copied etc.) when permanently stored within databases, storage devices, on servers, on networks or on similar internet connected systems.

Mostly all third party online 'real-time' payment processing gateways permanently store highly sensitive credit card details, transaction data and confidential identity information usually without the card holder even knowning. Despite well over 250 million credit card details being stolen in recent years from these and other types of systems that permanently store highly confidential data within their systems, this is how it is still being done.

However, only a very small proportion of credit card data theft can be attributed to credit card details actually being physically stolen when in the sole physical possession of the official bank approved merchant account owner, i.e., when processing is done offline well away from the open internet and any internet connected storage device, system or network.

So, you tell us, as far as actual physical credit card data security is concerned, would you yourself be happy with your own private credit card and identity details being permanently stored online somewhere (perhaps at multiple locations) within the online payment gateway's systems where you may not even be allowed to get them removed, or would you prefer your details be ONLY with the official bank approved merchant account just like in the real bricks and motor world, and not even exist anywhere once the charge is performed? It really is a 'no-brainer'.

Q. Do you integrate your gateway into my shopping cart?
A. Depends which one. For osCommerce and Zen Cart yes we will do professional integration for you as a courtesy. Shopping cart developers are the only ones who know their own programming code, therefore, it is really up to them to create a module that works with their own software code. However, where ever possible e-Path technicians will always assist.

Q. Do I share a secure payment page with everyone else?
A. No. Every e-Path merchant has their own exclusive credit card payment gateway system.

Q. I'm losing sales because people are not going through with entering their credit cards on my site, does e-Path give me a proper professional gateway system where my customers will see they are being handled professionally and safely?
A. You may have a great looking website but it is security and not looks that is now, more than ever, the most important thing to online customers. It doesn't take much for a website to ask for credit cards to be entered into it and these days consumers are now very cautious of websites that 'do it all'.

So this could be why you are having trouble. e-Path provides you with your own professional payment gateway system which will instill confidence in your online payment process. The consumer knows their credit card details are being handled securely the moment they see your own formidable e-Path secure system kick-in to take good care of them.

Q. Only $275.00 per year, so what other fees and charges are going to be landed on me?
A. None. $275.00 incl GST is our yearly fee for your own fully dedicated e-Path gateway service. There is a one time $22.00 registration fee at sign up but this is only a one time fee and is perpetual. You can accept 50 or 5,000 credit card payment authorisations through your e-Path gateway and every one is free. This is very different to a typical 'real time' payment processing gateway which will charge you extra every single time you accept a credit card payment online which is in top of and in addition to your banks merchant account facility charges.

Q. I am in Brighton in England. Can I still use e-Path?
A. Yes. e-Path is a global service, you can be in any country of the world and use e-Path. You will need a merchant account facility at a bank in your home country in order to charge the credit cards your secure e-Path gateway system delivers to you from your online customers.

Q. I have a MOTO merchant account but my bank says I can't use e-Path to receive credit card payments from online, they insist I need to use a real time 'live' payment gateway system to do that. What can I do and why would the bank force me to use this much more risky method?
A. It could possibly mean the person you are dealing with at your bank may not quite understand the e-Path service. They also simply may not be aware there is a new system available that finally attacks the very core mechanisms responsible for facilitating the vast majority of credit card and identity data theft and the subsequent online credit card fraud that can result.

Don't forget before e-Path the only official bank approved way to accept credit cards online was to use the real time online payment processing system - which is a method that permanently stores your customers credit cards within its systems and that also will usually attempt to transact anything entered into it by any anonymous individual on the open internet blindly and instantly without you knowing (that's what 'live' automated online processing is). The vast majority of all online credit card fraud perpetrated on the internet is through the 'real time' payment processing system.

If your bank insists you can only accept credit cards online via that system, then it could be high time to consider switching to a bank that is much more serious about security.

The potential future of your online business and the security of your customers' credit card and identity details could most certainly be at risk here, absolutely. And if you think we may be exaggerating this risk, then here are some recent proof-positive happenings you may like to peruse through ...

More than 100 million credit cards may have been compromised in data breach
Visa confirms another payment processor breach
Credit card breach exposes 40 million accounts
40M credit cards hacked
40 million credit cards exposed
Fear in the Fast Lane (Four Corners production, Andrew Fowler, ABC TV)
Identity Security (Australian Government Attorney-General's Department)
Internet Fraud (Australian Federal Police)
E-Crime (Queensland Police Service)
The enemy in the net (ABC Radio National)
Heartland data breach proves PCI compliance is not enough
Does the Heartland breach prove PCI useless?
Heartland breach shows PCI compliance is not enough

Q. Who uses e-Path?
A. Our Privacy Policy Statement forbids us from disclosing anything about our merchants. Further, e-Path follows strict banking and finance industry guidelines regards client confidentiality. When was the last time a bank or finance company gave out the names of their clients?

It would be a highly effective marketing tool if e-Path were to publish the names of those businesses using e-Path, however, we are in the business of security at the highest possible level and pride ourselves on our security standards and policies that are all encompassing throughout our company.

But its not too difficult to find out who some of our merchants are. For example, e-Path merchants sometimes frequent a number of online e-commerce forums to share ideas and experiences, there they themselves make themselves known. e-CommerceTalk.com.au is one such place.

Q. Can you feed the data you collect into a database so I can store it on my website?
A. Sorry, no. Please view e-Path Security. This will tell you what we think about permanently storing credit card data in databases. If we permanently stored highly sensitive credit card and identity data in databases we would be no different to the typical 'real time' payment gateway system - we represent a new era in security, not an old one!!

Q. How long to set up my gateway so I can use it?
A. If all information from you is complete and your application is approved and you have sent us your desired logo/graphic to use on your gateway, then within four to seven working days of your application being submitted.

Q. My bank insists I need an SSL, but you say I don't. I'm confused.
A. Your own exclusive e-Path gateway already has SSL. When you use e-Path your website does not need another SSL because your website has nothing to do with handling credit cards. Your bank may be getting mixed up, please point them to this website. Be mindful it is a requirement placed upon merchant account providers (banks) by the card vendors themselves (Visa, MasterCard etc.) that the bank must confirm an SSL is protecting things when credit card details are entered on the internet. They are doing the right thing by wanting this confirmed - send your bank the URL (web address) of your secure and exclusive e-Path gateway for them to become satisfied.

But having said that, it is simply good practice to have your website protected by SSL. Some newer versions of browsers now alert a customer when they move from a secure (https) location back to a website that is not secure (http). We would recommend installing an SSL on your website to ensure the connection remains encrypted even after e-Path has done its job and returned the customer to your site. This way the online customer's browser will not show a warning message because they will be moving from one SSL protected location to another SSL protected location.

Q. In your Terms & Conditions you say I have to put a graphic on my site with a link to a disclosure page which tells card holders what happens to their credit card details. What if I don't want to put this graphic and link on my site?
A. Open and honest disclosure to card holders about how safe their credit card details are when paying using e-Path is part of the e-Path gateway package.

Card holders have an absolute right to know exactly what is going to happen to their credit card details. If you do not want to display the graphic with link to the e-Path disclosure page then unfortunately you will not be able to use the e-Path service as it is a condition of the service. This will indicate to you on how serious we are about improving e-commerce for everyone, not just our own gateway clients.

Q. Do you hold money and transfer it into my account?
A. No, sorry. e-Path does not touch or have anything to do with any funds from any credit card payment in any way. Please view section #1 or our Terms 0f Service Agreement/Merchant Agreement

Q. I understand if I use e-Path my website is not going to need PCI compliance certification which is going to save me a heap, but does my business still need some form of PCI compliance?
A. All businesses that accept credit card payments now require to do so in accordance with the PCI rules as it relates to their specific circumstances. There are many levels of PCI compliance. What PCI compliance level will apply to you will be largely determined by what merchant account/interfacing facility and method the bank is providing you and how you handle credit card data. Please consult with your bank.

But yes, by using e-Path your website or shopping cart is removed from needing PCI compliance - because your website or shopping cart never comes into contact with card data in the first place. Your online credit card handling activities are instantly PCI compliant with e-Path.

Q. Do you have an API so people can enter their credit card details on my website?
A. Sorry, no. One of the fundamental strengths of the e-Path system is that your customer enters their credit card details within the heavily secure e-Path PCI compliant environment.

Q. This is a real change in how things are commonly done. Are you the first ones of your type to do this?
A. Manual systems, be they online database services, shopping cart software or even other basic manual credit card handling service providers that capture credit cards online that then enable offline processing by the business owner are certainly nothing new.

However, an online credit card payment gateway that uses full strength and multiple instances of asymmetric cryptography (2,048bit encryption) on an individual per gateway basis completely separate and unique for each and every gateway merchant; each with their own separate and unique secure payment gateway page URL; that provides the PCI compliant and THAWTE SSL protected environment for each individual gateway client; that does not require bank merchant accounts to be sitting open and accessible to anonymous individuals on the open internet; and that also does not permanently store any credit card, transaction data or identity information online within its systems .... is totally new.

Yes, e-Path is the very first to pioneer this new eara of improved card holder and business owner security in accepting credit card payment authorisations online.

e-Path delivers on the enormous world wide demand for a far safer and more secure system where credit card and identity data is not left permanently stored in databases, on networks, or in any storage device by the gateway, where the business owner has their own unique and exclusive secure gateway system (not shared by other gateway merchants) and where the business owner is finally in total control over what online credit card payments they accept.

Our system is manual, it is not designed to replace 'real time' automated online processing systems. If you want an automated system then e-Path is not the answer. But if you want control over things, if you like the idea of saving money and if you want your customer's credit card data to never be permanently stored within the gateway's systems without their permission, then e-Path is worthy of serious consideration - e-Path achieves a level of security no 'real time' automated processing gateway can even come close to matching.