Make your business transparent with reporting capabilities
- Ensure the quality of your payment business
- Make your payment acceptance rates transparent
- Optimize choice of payment methods based on acceptance rates
- Control your merchant accounts through payment and risk management analytics
- Easy sales controlling through payment analytics
- Use reports as basis for your reconciliation processes
- Reports include all technical and business relevant data for processed or declined transactions.
- Receive aggregated reports grouped by more than 20 dimensions from payment method to country and currency to date.
- Receive reports automatically or download your individual report manually.
- Freely customize your export or select a template from pre-defined templates.
- Create and store customized reporting templates personalized to your needs.
- Reports are PCI-compliant, i.e. they either do not contain card data or the card data is masked.
- Choose between different report file formats such as CSV and Excel.
- Use the reports for:
  - Reconciliation purposes such as system consolidations
  - Operational processes such as tracking of processed/shipped orders
  - Conversion rate analysis, e.g. which payment methods have the highest acceptance rates
  - Chargeback analysis, e.g. monitoring chargeback rates
- Single transactions export:
  - Includes all technical and business relevant data
  - Automatic or manual export option
- Aggregated export:
  - Shows sums and volumes of processed payments
  - Manual export option
- Data warehouse analysis export:
  - Perform payment and chargeback analysis by payment method, payment type, country, currency, chargeback reason codes, etc.
  - Multi-dimensional cube for analysis of top 5 sales channel KPI, top regional or payment method figures, check conversions per scheme, etc.
  - Navigate through time and analyze chargeback and rejection rates and reasons
  - Presentation layer provides different graphical diagram templates serving any use case, displaying the processing data in column, line, pie or bar charts
  - Manual export option
- XML query API:
  - Send real-time XML query requests for single- and multi-transaction status
Simple PCI – from burden to benefit
- You act PCI-DSS-compliant from day one
- No compliance issues with credit card payments
- No extra effort for secure transactions with credit card payments
- You can focus on your business
- You save up to €300,000 per year on PCI compliance
- Highest-available degree of security
Compliance core processes
- System and security engineers are on duty 24/7 to react immediately to any kind of service or security event
- The processing system has to be located in PCI-compliant data centres that have video surveillance and access control through the use of a badge, PIN code and hand/palm scanner
- Implementation of an incident response plan, which describes procedures to be taken in the event of a security or data breach
Compliance core principles
- The ‘four-eyes principle’ is enforced throughout the company, including in the development and operations departments
- Cross-department workflows to ensure ‘four-eyes principle’ is implemented
- Need-to-know principle, in which all information is kept confidential
- Separation of operations and development to enforce need-to-know principle and strict security: for example, developers have no access to any live system nor do they know of any of the passwords used in the production environment
- Ongoing, company-wide security-awareness training
- Daily, ongoing processes like log-file monitoring, security and audit-logging reviews
- Regular security assessments and penetration tests by certified security engineers
- Standardised cross-department system-change-management processes
- Redundant, multilayer external and internal firewalls
- Redundant Web application firewalls
- More than 25 security-monitoring servers in the production environment
- Passwords are one-way encrypted
- Instant notification of alerts via SMS and email to all operations members
- Segregation of duties (need-to-know principle)
- Multiple internal networks to segregate system components according to security levels
- Active–active load-balancer setup to optimise system performance and reliability
- Encrypted communication channels (VPN, SSLv3, etc.) between data centres
- DDOS mitigation solution to automatically detect and mitigate DDOS attacks on the payment system
- Encrypted storage of sensitive information like credit card numbers – encrypted, secure and verified backups
- Network intrusion detection systems (NIDS) on every network perimeter to detect dangerous and malicious traffic between every single system component
- Host intrusion detection systems (HIDS) on every single server node, for instance, to detect file manipulation and unlawful access attempts
- Real-time antivirus scanning on all APIs
- System components are always kept secure and up-to-date by means of regular system maintenance (security updates and patches) without downtime or impact on customers
- One functionality per server – decentralization of services to maximize security and transparency
- Internal security specialists (TISP, OPST etc.) to validate all system changes
- Real-time security monitoring, weekly internal and external security scans and penetration tests to ensure maximum security
- OWASP security training for developers to enforce secure programming based on standards set by security engineers around the world
- Pair programming to ensure high-quality application source code
- Every single line of source code is verified by a second engineer before it is applied to the system
Merchant-managed recurring billing
- Offer your own flexible subscription models
- Have full control of all billing parameters
- Adapt your marketing strategy with flexible price or product variations, which activate shoppers and help you to react to market changes immediately
- Address new shopper groups
- Increase shopper conversion rate through individual subscription and marketing models
- Minimise business risk through tokenisation
- Start immediately after one day of implementation
- No interruption of merchant services during data and service migration
- No data lock. Your data belong to you!
How it works
- The registration module collects all essential shopper data and payment methods used for regular payments, managing these in a secure way that is certified according to PCI (Level 1). The registration data is abstracted via a token used for subsequent payments.
- The merchant calls the payment platform and requests to debit a shopper, referencing the registration details via the token provided; this initiates a recurring payment cycle.
- The merchant repeats the payment collection as defined by the shopper’s subscription agreement. For regular processing, merchants can adapt their marketing strategy with flexible price or product variations, which activate the shopper or initiate a reaction to competitors.
- In case the shopper cancels the service, the merchant deregisters the shopper in the registration module. All data will be deactivated and archived securely according to industry standards and regulations.
- In case the Account Updater service is supported by the issuer, expired card details can be automatically updated.
Recurring Billing with Stored Billing Plans
Easy recurring billing with a ready-to-use, PCI-compliant stored billing plan implementation
- Save time and money through process automation
- Minimise business risk through tokenisation
- Minimise PCI-DSS effort
- Billing plans range from simple to sophisticated
- Fast and easy integration – no development required on your part
- Full data exports available; no data lock-in
- During shopper registration, the payment gateway collects all essential shopper and payment data, managing these in a secure way that is certified according to PCI. The registration data is represented via a token used for subsequent payments.
- Based on this registration, you can set up an automated billing plan by submitting a scheduling request to the gateway. In addition to the token, the scheduling request contains the amount, currency and description of the payment to be repeated, as well as the trial period, frequency, duration and an optional cancellation period for the billing plan.
- After the billing plan is set up, the gateway will automatically trigger recurring payments in regular intervals as defined in the billing plan for the duration of that plan. If an account updater service is supported by the issuer, expired card details can be automatically updated.
- You are free to change or cancel existing billing plans at any time by sending a rescheduling (change) or de-scheduling (cancellation) request to the gateway. Cancellations will become effective only after the cancellation period of the billing plan, if one was defined earlier on.
- Even after a billing plan has expired or has been cancelled, the same registration token can still be used for new billing plans or one-off payments until the merchant decides to de-register the shopper. In this case, all shopper data will be deactivated and archived securely according to PCI data security standards and regulations.
- Multiple independent billing plans can be created for the same token, which allows the modelling of advanced recurring scenarios.
- The token and the payment data represented by it are stored independently from the billing plan and can be used for one-off payments in addition to the billing plan.
PCI-compliant tokenisation solution
- No need to save any sensitive account details
- Simple and secure implementation of scenarios such as one-click checkouts or recurring billing
- Minimize PCI-DSS effort for you
- Applicable for non-PCI-regulated data such as bank accounts or eWallets
- Compatible with e-commerce systems and processors
- Works with any checkout module
- Register account details and get a token returned
- No need to save account details in your system
- Matching token and account details is only possible in the highly secured gateway environment
- Less sensitive data like BIN, last 4 digits, holder or expiry date can be saved for identification reasons without breaching card industry standards
- Ideal supplement to the gateway’s hosted payment page solutions for fully PCI-DSS-compliant processing with no hassle
- Captures and refunds, partial captures or receipts are fully available for tokenised accounts
- The link between the token and the actual data exists only within the payment gateway.
- The payment platform is fully certified according to PCI-DSS Level 1, meets the highest security standards and is operated by a team of experts dedicated to security, privacy and compliance.
- The payment platform is operated in a data centre certified to PCI-DSS, ISO 27001 and ISO 9001 standards.
- The gateway and hence the tokenisation itself meets your highest demands in terms of availability, scalability and reliability.
- Intelligent clean-up routines ensure the availability of your data as long as required by your business.
- The gateway does not lock you in by holding your data hostage.
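The token model described in this section, as an added Python sketch (not the gateway's own code or API): the class, field names, status values and the test card number are assumptions made for illustration. It shows that the merchant-side record carries only the token plus BIN, last 4 digits, holder and expiry, while the token-to-card mapping stays inside the vault.

```python
import secrets


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to reject mistyped card numbers at registration."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep the BIN (first 6) and last 4 digits, mask everything in between."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class GatewayVault:
    """Hypothetical stand-in for the gateway: the only place a token maps to a PAN."""

    def __init__(self):
        self._pan_by_token = {}

    def register(self, pan: str, holder: str, expiry: str) -> dict:
        digits = pan.replace(" ", "")
        valid = digits.isascii() and digits.isdigit() and 13 <= len(digits) <= 19
        if not (valid and luhn_ok(digits)):
            raise ValueError("invalid card number")
        token = secrets.token_hex(16)       # random, so it reveals nothing about the PAN
        self._pan_by_token[token] = digits
        # Only these fields are returned for storage on the merchant side.
        return {"token": token, "bin": digits[:6], "last4": digits[-4:],
                "holder": holder, "expiry": expiry}

    def debit(self, token: str, amount_minor: int, currency: str) -> dict:
        pan = self._pan_by_token.get(token)
        if pan is None:
            return {"status": "rejected", "reason": "unknown token"}
        return {"status": "approved", "amount_minor": amount_minor,
                "currency": currency, "card": mask(pan)}

    def deregister(self, token: str) -> bool:
        """Deactivate a registration (secure archiving is out of scope here)."""
        return self._pan_by_token.pop(token, None) is not None


if __name__ == "__main__":
    vault = GatewayVault()
    # Constructed sample input: a well-known test card number, not real data.
    record = vault.register("4111 1111 1111 1111", "A. Shopper", "12/30")
    print(record)
    print(vault.debit(record["token"], 1999, "EUR"))
    vault.deregister(record["token"])
    print(vault.debit(record["token"], 1999, "EUR"))
```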
Smart Transaction Routing
Functionality
You can configure if, where and how transactions are routed to different MIDs based on:
- Credit card brand
- Direct debit country
- Credit card/debit card BIN country
- Credit card/debit card BIN or BIN range
- Clearing institute velocity
- Merchant account velocity¹
- Weighting (e.g. 60%–40% split)
- First-time vs. returning/known shopper
- Recurring or one-time payment
- Ticket size (payment amount)
¹ Number or total volume of transactions per time unit.
Please refer to the following feature matrix to find out which routing options might best help you to maximise your profits.
Type of routing
Optimise profits through advanced risk management
- Minimize chargeback fees, fraudulent and unauthorized transactions
- Increase conversion rate rather than refusing good business
- Customize filter settings according to your business needs
- Increase reputation through minimizing fraud
- Easy to use – no special technical configurations needed
Functionality
Our more than 120 internal risk management tools can be applied to transactions involving e-commerce, remittance, adult entertainment, MLM (multi-level marketing), travel, pharmacy, dating, gaming and gambling. We have several years’ experience in creating the perfect fit for your merchant’s risk set-up.
Technical features
To achieve state-of-the-art risk management, all checks offered can be easily activated through the merchant backend platform. No technical configuration is needed. Activation of additional external risk checks is also available. All checks are executed and scored in real time.
- Data validation, like doublet checks, black and white lists
- General checks, like BIN checks, address verification
- IP-based checks, e.g. anonymous proxy or geo-location built on Neustar IP (formerly Quova)
- Plausibility and velocity checks
- Intelligent fraud detection algorithms
- Authentication checks, like 3-D Secure, email, SMS, bank account or credit card authentication
- Monitoring and control through data-mining correlation tests
- External risk checks, like Schufa, Info score, Threat Matrix, ReD Shield, Gatekeeper, Delta vista
Transactions that are below a predefined and fully customisable threshold are declined; the rest are approved.
Maximise profits through modular risk intelligence
Functionality
The gateway serves a variety of payment and financial institutions worldwide. Therefore, our more than 120 internal risk management tools can be applied to transactions including e-commerce, remittance, adult entertainment, multi-level marketing, travel, pharmacy, dating, gaming, gambling and many more. We have abundant experience in creating the perfect fit for an optimal risk set-up. Validation and risk checks can be carried out in a stand-alone transaction, before the actual payment, to allow you to adapt your workflow according to the result. Stand-alone risk checks can be used to determine the payment method selection offered to a shopper. Shoppers with a low score value only have access to payment methods with little to zero risk, e.g. online bank transfer.
Technical features
All checks are executed and scored in real time. Transactions that are below a customisable threshold are declined; the rest are approved. You can also choose to have transactions marked for manual review if they fall within a certain score range.
- Semantic customer validation
- Algorithmic and database account validation
- Black and white lists on account numbers, email addresses, IP addresses, BINs, etc.
- Payment type and ticket size restrictions
- Plausibility checks
- IP-based and geolocation checks built on Neustar IP (formerly Quova)
- Correlation checks
- Fraud-detection algorithms
- Velocity checks on accounts, merchants, IP and email addresses
- Authentication methods such as micro deposits, SMS, email, bank account or credit card authentication
- AVS verification
- 3D Secure (Verified by Visa / MasterCard SecureCode / J/Secure)
- Additional selection of third-party checks available
Merchant Payment Integration Options
- Get online quickly to start earning money faster
- Options that can be used fast but still customized to your needs
- Pick the right options that fit into your existing application landscape and workflows
- Easy switch from and to other integrations
- Generate customer trust with PCI DSS compliance
- Integrate with every aspect of all payment-related back-office systems
By applying COPY and PAY, our new merchant integration option, merchants can integrate a self-hosted payment page within minutes and still maintain full control over its look and feel. Alternatively, to fit existing portfolios, we continue to provide and support a classic hosted payment page. Both options require minimum PCI compliance efforts.
The XML and HTTP POST APIs allow merchants to send in online payment transactions while maintaining full end-to-end control over the user experience as well as integrating their back offices with the payment gateway.
For integrating back-office systems that generate large numbers of transactions at the same time, for example logistics or order management solutions such as SAP R/3, a high-performance batch processing interface is available.
The virtual terminal user interface is optimized for fast data entry by call center agents.
Mobile Point of Sale (mPOS) allows merchants to accept card-present transactions at the point of sale on mobile devices using magnetic stripe readers as well as EMV-certified Chip & PIN setups.
Mobile Commerce (mCommerce) allows shoppers to pay on their mobile devices in mobile applications from shopper apps to mobile wallets.
Merchants that use popular shop engines just download and install the appropriate payment plug-in.
Please refer to the following feature matrix to help you find out which integration options fit your business best.
*For more information please refer to: https://www.pcisecuritystandards.org/documents/pci_dss_saq_instr_guide_v2.0.pdf
COPY and PAY
COPY and PAY, easy payment integration for merchants: Host your own payment page, in your own design within minutes
By applying the platform’s new merchant integration option “COPY and PAY”, you develop and host your very own payment page. In this case, you will not touch critical credit card data, as the form posts the data directly to the gateway’s servers, so PCI compliance is achieved with a minimum of effort.
A sophisticated widget library makes it easy to build the payment forms and handles the different workflows that come with different payment methods.
It’s as easy as this:
- You prepare a token for the payment by sending one request with credentials and unmodifiable data, such as the amount, in a server-to-server call.
- Finally, you easily get the result of the payment in a simple call either server-side or from the browser, using the token obtained earlier.
And as flexible as that:
What if you need a checkbox for a newsletter that needs to be sent right away along with the account details?
No problem: any merchant-defined parameters can be sent and are returned.
What if you want to send credentials from the server first and then collect the shopper’s address data in a browser form, calculate the final amount on the server and finally let the shopper enter the account details?
Not an issue: The payment session in “COPY and PAY” is accessible by a token until the payment is ultimately triggered. You are informed about data entered in each and every step.
What if you require the widget library to do something different than intended?
What if you want to integrate 3D Secure or asynchronous payment schemes?
No problem – the various callbacks involved in complex asynchronous workflows are handled automatically by the COPY and PAY integration. For you, the workflow is the same, whether the payment scheme is asynchronous or not.