THE PRINCIPLE OF SECURE ONLINE PAYMENTS
Thanks to the technology used and the absence of a print-out containing the unencrypted bank card number, we can confirm that it is safer to pay by bankcard on Paybox affiliated sites than in most local shops.
The various stages of the payment process between the purchaser and Paybox are fully encrypted and protected. The protocol used is SSL linked with e-banking.
This means that information linked to the order and the bankcard number do not circulate unencrypted on the internet.
The bankcard number is not printed out onto documents, invoices, credit card receipts or other print-outs.
The merchant does not have access to card numbers.
The various security phases when paying online
For each payment request, the purchaser is switched over from the merchant site to the Paybox System payment server, which is connected to the banking world.
The purchaser comes to an encrypted SSL payment page.
The purchaser enters the card number, expiry date and the visual cryptogram, and an authorisation request is made. The link between the purchaser and the Paybox System server is established in HTTPS, the secure protocol with SSL, which encrypts all the data being exchanged. This protects data sent over the web and guarantees that the purchaser's card number cannot be intercepted unencrypted by a third party during transfer to the Paybox System secure server. The Paybox System home page provides the purchaser with information about the purchase: the name of the merchant (which guarantees that the company has been authenticated).
Once the card number has gone through a preliminary level of checks (Luhn formula, list of stopped cards etc.), the Paybox System server makes an authorisation request to the banking centre to which the merchant is affiliated. This is carried out using standardised banking protocols on a specialised telecommunications network.
The bank's authorisation centre transmits an authorisation number or declines the card. If the payment is accepted, Paybox System then carries out the following operations: it displays payment confirmation on the purchaser's screen (optional) and sends payment confirmation by e-mail to the purchaser and the merchant. The card number is NEVER transmitted to the merchant.
The purchaser is then automatically redirected to the merchant's server where s/he can continue browsing.
A special process developed by Paybox Services enables Paybox System to monitor in real time the behaviour of card holders, specifically to prevent the payment server being used to test out automatically generated card numbers or for other types of attacks:
Searching for BIN by increments, derivation or masks
Large numbers of attempts using different expiry dates
Random IP addresses used by holders.
“Fake” bankcards etc.
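The preliminary Luhn check and the card-testing signals listed above can be sketched as follows. This is an added example, not Paybox's own process: the threshold, the signal names, the reading of each list item as a per-BIN or per-card count, and the sample window (test card numbers, documentation IP ranges) are all assumptions.

```python
from collections import defaultdict

def luhn_valid(pan: str) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

LIMIT = 3  # assumed per-window threshold; tune against real traffic

def mask(pan: str) -> str:
    """Keep only BIN and last four digits so alerts never carry a full number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def flag_card_testing(attempts):
    """attempts: (ip, pan, expiry) tuples seen in one time window.
    Returns (luhn_rejected_count, set of (signal, key))."""
    pans_per_bin = defaultdict(set)
    expiries_per_pan = defaultdict(set)
    ips_per_pan = defaultdict(set)
    rejected = 0
    for ip, pan, expiry in attempts:
        if not luhn_valid(pan):
            rejected += 1  # stopped before any authorisation request
            continue
        pans_per_bin[pan[:6]].add(pan)
        expiries_per_pan[pan].add(expiry)
        ips_per_pan[pan].add(ip)
    alerts = {("bin_enumeration", b) for b, s in pans_per_bin.items() if len(s) > LIMIT}
    alerts |= {("expiry_guessing", mask(p)) for p, s in expiries_per_pan.items() if len(s) > LIMIT}
    alerts |= {("ip_rotation", mask(p)) for p, s in ips_per_pan.items() if len(s) > LIMIT}
    return rejected, alerts

# Constructed sample window: test card numbers and documentation IP ranges only.
PREFIX = "4" + "1" * 13
SAMPLE = (
    [(f"192.0.2.{i}", PREFIX + tail, "12/30") for i, tail in enumerate(["03", "11", "29", "37"])]
    + [(f"198.51.100.{m}", "5555555555554444", f"0{m}/27") for m in range(1, 5)]
    + [("203.0.113.7", "4000000000000002", "06/28"),  # ordinary single payment
       ("203.0.113.9", PREFIX + "12", "06/28")]       # fails the Luhn check
)

if __name__ == "__main__":
    print(flag_card_testing(SAMPLE))
```

Counting per BIN and per card rather than per source address means the signals still fire when each attempt arrives from a different IP.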
Check that you are in secure mode when paying online
In secure mode a locked padlock appears at the bottom of the browser.
The start of the website's address at the top of the screen changes to https:// with the “s” following “http” showing that communication is secure.
To use a Paybox card payment service, a merchant must hold a distance selling e-banking account at an identified banking institution.
PAYBOX PLATFORM SECURITY
Paybox naturally holds Visa and MasterCard PCI-DSS programme accreditation.
The various audits carried out have confirmed that Paybox Services applies a high level of security and integrity supplemented by sustained technology development monitoring, in order to maintain the infrastructure of its double platform.
It is also worth highlighting that Paybox Services is the first French operator to get all of its services (e-commerce and local payments) certified.
The PCI-DSS programme imposes security standards defined by Visa, MasterCard, the Groupement CB, American Express and a large number of payment systems.