Why transactional security must be at the core of any payment gateway

For organisations with high transaction volumes, there are a few important factors to consider when implementing an online payment processing solution. One is offering the customer plenty of choice, in terms of currencies (for both processing and settlement) as well as card payment options.

Another is that the payment process (from the moment a customer enters their card details and clicks ‘buy now’ to the money arriving safely in the merchant’s account) is fast, efficient and reliable. Many processing platforms perform transactions in real time, allowing merchants to run reports in real time and so respond to any issues quickly.

But arguably the most important factor of a successful direct payment gateway is the level of security it provides to the merchant.

So what ensures that a payment gateway is secure?

The Payment Card Industry (PCI) standards

American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. are not only five of the biggest global providers of credit cards and other financial services, but they’re also the five founding global payment brands of the PCI Security Standards Council. The council, launched in 2006, is responsible for all the mandatory requirements a payment gateway must comply with, including the Data Security Standard (PCI DSS).

A payment gateway should therefore have the PCI DSS standards at the core of everything it does, as they have been specifically developed to ensure that customer credit card data is securely collected and stored. Data management is of the utmost importance, as credit card fraud is becoming more sophisticated every day.

A merchant should not automatically assume that the payment gateway they are opting to work with is PCI DSS compliant. The responsibility for compliance is shared: the payment gateway must adhere to the standards, and the merchant should research the quality of a payment gateway’s security before opting to work with it.

What does transactional security involve?

Achieving the highest level of security in all areas where cardholder data is transmitted and stored is essential. There are several facets to take care of, from physical and data center security to application security, firewall and intrusion detection systems, database security and, of course, transaction security.

First Atlantic Commerce has a geographically scalable, fault-tolerant, secure network and server environment for both the office and the eCommerce processing platform. FAC’s payment gateway is hosted at the Link Bermuda data center, in a secure, hurricane-proof, world-class facility. The company has sophisticated virus and intrusion prevention systems within the network infrastructure, as well as fully redundant firewalls and dual ISP and payment gateway servers.

First Atlantic Commerce’s cGate® Secure suite of products is designed to transmit all transaction data safely and securely over the Internet. All data exchanged between the cGate® Secure “client” solutions on the merchant server and FAC servers is encrypted.

In addition to SSL security, a hash signature is required with each transaction. The SHA1 hash is a security feature that enables the merchant and FAC to identify that the transaction results are from an authorized server source, and to verify the integrity of the data received in a transaction request.
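The following is an added example, not FAC's code or message format, showing how a per-transaction signature lets the receiver check both the sender and the integrity of the request. The field names, their order, the shared secret and the sample request are assumptions, and because the page does not say how the SHA1 hash is computed, the sketch uses HMAC-SHA1 as the keyed construction.

```python
import hashlib
import hmac

# Hypothetical field order; both sides must agree on it out of band.
SIGNED_FIELDS = ("merchant_id", "order_id", "amount", "currency")


def canonical_bytes(txn: dict) -> bytes:
    """Length-prefix each field so ("12", "3") and ("1", "23") serialize differently."""
    parts = []
    for name in SIGNED_FIELDS:
        value = str(txn[name]).encode("utf-8")
        parts.append(len(value).to_bytes(4, "big") + value)
    return b"".join(parts)


def sign(txn: dict, shared_secret: bytes) -> str:
    """Return the hex signature the sender attaches to the request."""
    return hmac.new(shared_secret, canonical_bytes(txn), hashlib.sha1).hexdigest()


def verify(txn: dict, signature: str, shared_secret: bytes) -> bool:
    """Recompute on receipt; reject on missing fields or any mismatch."""
    try:
        expected = sign(txn, shared_secret)
    except KeyError:
        return False
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected, signature)


# Constructed sample data, not real merchant values.
SECRET = b"constructed-demo-secret"
REQUEST = {"merchant_id": "M1001", "order_id": "ORD-42",
           "amount": "19.99", "currency": "USD"}
SIGNATURE = sign(REQUEST, SECRET)

if __name__ == "__main__":
    print("authentic request accepted:", verify(REQUEST, SIGNATURE, SECRET))
    tampered = dict(REQUEST, amount="1.99")
    print("tampered amount accepted:", verify(tampered, SIGNATURE, SECRET))
    print("wrong secret accepted:", verify(REQUEST, SIGNATURE, b"other"))
```

The signature only proves that the signed fields are unchanged and came from a holder of the shared secret; confidentiality of the card data still depends on the encrypted transport.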

Choosing a payment gateway

Do your research on a payment gateway to be sure they have positive reviews. Check out what others say on social media or in blogs. Apart from the obvious security measures, make sure they have a good reputation and look at what others have to say about their customer service and response times.


