Security Focus

THE PRINCIPLE OF SECURE ONLINE PAYMENTS

Thanks to the technology used and the absence of a print-out containing the unencrypted bank card number, we can confirm that it is safer to pay by bankcard on PAYBOX affiliated sites than in most local shops. The various stages of the payment process between the purchaser and PAYBOX are fully encrypted and protected. The protocol used is SSL linked with e-banking…

This means that information linked to the order and the bankcard number do not circulate unencrypted on the internet.

  • The bankcard number is not printed out onto documents, invoices, credit card receipts or other print-outs.
  • The merchant does not have access to card numbers.

The various security phases when paying online

For each payment request, the purchaser is switched over from the merchant site to the PAYBOX payment server, which is connected to the banking world.

  • The purchaser comes to an encrypted SSL payment page.
  • The purchaser enters the card number, the expiry date and the visual cryptogram, and an authorisation request is made. The link between the purchaser and the PAYBOX server is established in HTTPS, the secure protocol based on SSL, which encrypts all the data being exchanged. This protects data sent over the web and guarantees that the purchaser’s card number cannot be intercepted unencrypted by a third party during transfer to the PAYBOX secure server. The PAYBOX home page provides the purchaser with information about the purchase: the name of the merchant (which guarantees that the company has been authenticated).
  • Once the card number has gone through a preliminary level of checks (Luhn formula, list of stopped cards etc.), the PAYBOX server makes an authorisation request to the banking centre to which the merchant is affiliated. This is carried out using standardised banking protocols on a specialised telecommunications network.
  • The bank’s authorisation centre transmits an authorisation number or declines the card. If the payment is accepted, PAYBOX then carries out the following operations: it displays payment confirmation on the purchaser’s screen (optional) and sends payment confirmation by e-mail to the purchaser and the merchant. The card number is NEVER transmitted to the merchant.
  • The purchaser is then automatically redirected to the merchant’s server where s/he can continue browsing.

A special process developed by PAYBOX enables PAYBOX to monitor in real time the behaviour of card holders, specifically to prevent the payment server being used to test out automatically generated card numbers or for other types of attacks.
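The preliminary checks (Luhn formula, list of stopped cards) and the monitoring against automated card-number testing described above can be sketched as follows. This is an added example, not PAYBOX's code, and the page does not describe how PAYBOX's own process works: the keyed stop list, the window and threshold values and the verdict names are assumptions, and the card numbers used with it are constructed test values.

```python
import hashlib
import hmac
from collections import defaultdict, deque

STOPLIST_KEY = b"constructed-demo-key"  # assumption: secret held by the payment server
WINDOW_SECONDS = 60                     # assumption: sliding window for failed checks
MAX_FAILURES = 3                        # assumption: failures tolerated per source

def pan_token(pan: str) -> str:
    """Keyed digest, so the stop list never stores card numbers in the clear."""
    return hmac.new(STOPLIST_KEY, pan.encode(), hashlib.sha256).hexdigest()

def luhn_valid(pan: str) -> bool:
    """Luhn formula: double every second digit from the right; the sum must end in 0."""
    if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class PreAuthGate:
    """Checks run before any authorisation request is sent to the bank."""

    def __init__(self, stopped_tokens):
        self.stopped = set(stopped_tokens)
        self.failures = defaultdict(deque)  # source -> times of failed checks

    def check(self, source: str, raw_pan: str, now: float) -> str:
        recent = self.failures[source]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            return "blocked_card_testing"   # many bad numbers from one source
        pan = raw_pan.replace(" ", "").replace("-", "")
        if not luhn_valid(pan):
            verdict = "rejected_luhn"
        elif pan_token(pan) in self.stopped:
            verdict = "rejected_stopped"
        else:
            return "forward_to_bank"
        recent.append(now)                  # only failed checks count as testing
        return verdict
```

A source that keeps submitting numbers which fail these checks is cut off before any of its requests reach the bank, while a purchaser who mistypes once is simply asked to re-enter the number.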

Check that you are in secure mode when paying online

When the purchaser is redirected to the payment page, the start of the website’s address at the top of the screen changes to “https://” with the “s” following “http” showing that communication is secure.
In secure mode a locked padlock appears at the bottom of the browser.

[Screenshot: Firefox]

[Screenshot: Internet Explorer]