Latpay Security

Transaction data: what your payment service provider should be doing to protect your data

In the financial year to 30th June 2019, card spending in Australia grew by 4.2% while card fraud dropped by 6.9%. This sounds like a great achievement, right?

Despite the decline, card-not-present fraud still accounts for $455.5 million in losses for Australian consumers. In addition, skimming fraud and lost/stolen fraud is to blame for $18.6 million and $43 million in annual losses respectively.

For businesses acquiring merchant services through a payment service provider (PSP), it is expected that fraud management capabilities are built into this solution. Yet many businesses are actually unaware of what they should expect from their PSP, or more alarmingly, what it is that they’re actually receiving.

Regardless of the payment methods you offer, your payment processing systems need to deliver a certain level of security to your customers in order to remain compliant and for your customers to feel comfortable shopping with you.

What to expect from a competent payment service provider (PSP)
Payment Card Industry Data Security Standards

PCI DSS is an information standard for businesses taking card payments – whether in person or online. This security standard is designed to mitigate the risk of credit card fraud and make it safer to process and store card data.

There are various levels of PCI DSS requirements depending on factors such as potential fraud risk and how many transactions are being processed per year.

You, as a merchant accepting credit card payment, are required to adhere to these guidelines, which can be quite significant and difficult to manage.

To help minimise the scope of compliance obligations, many merchants turn to a PSP.

As a base measure, you should expect your payment service provider to be adhering to level 4 PCI requirements. However, a good PSP will offer you level 1 compliance – the highest and most comprehensive level of protection.

On a transactional level, your payment service provider should be conducting fraud screening to identify any fraudulent transactions to mitigate suspected skimming fraud or other large scale online attacks’ so that it puts some focus on this at a lower level.

If you’re not sure what level your PSP offers, it’s recommended that you discuss this with them to ensure you’re offering the greatest protection to your customers.

Tokenisation

While PCI DSS is mandatory, tokenisation is an optional yet highly recommended fraud mitigation process that you should expect your PSP to offer.

Tokenisation is a form of encryption, whereby sensitive or personal information (such as a debit card or credit card number) is substituted with a unique ID number known as a token. As this token sequence is randomly generated, it is much more difficult to crack than standard methods of encryption.

The benefits of tokenisation are substantial. Essentially, your customer data could be compromised but deemed unusable without the proper detokenisation system.

For obvious reasons, tokenisation offers a highly secure method of preventing fraudulent activity and should be expected of your PSP.

Authentication processes

When assessing your payment service provider for fraud prevention capabilities, you should also be looking for additional authentication processes.

A good PSP will offer additional services such as automatic and human-driven data analysis to ensure that any suspicious activity is picked up and examined before the payment is processed.

These types of measures should analyse online behaviour and purchasing patterns and compare them with available data to identify negative data matches.

To be effective, this process will be completed in real-time to minimise loss to your customers.

These authentication process should also include alerts for potentially fraudulent transactions and include a support team who can assist you with denying suspicious purchase attempts.

At Latpay, your data security is our priority. To learn more about how our secure payment gateways, chat with our team today.

Getting paid with payment links

What is a payment link?

Payment links (or PLINKS) allow you to send payable invoices straight to your customers mobile, social media account, email and other comms applications. With the ability to accept credit cards and debit cards, online banking and digital wallets through the simple click of a link, your customers will be thanking you at every bill with on-time payments deposited directly into your bank account.

Why use payment links for your business?

PLINKs are an incredibly versatile yet streamlined payment method that allows you to improve cash flow by collecting payments 24 hours a day, 7 days a week.  As well as processing transactions and accepting online payments, PLINKs have the following advantages for your business:

Get paid on time

Sending SMS PLINKs to your customers is an easy and efficient way to get paid on time, every time. All your customer needs to do is view their invoice and simply click a link to pay. No getting lost in the inbox, just a straightforward, simple process that gets you paid sooner.

Take payments from more people

Asking your customers to log in to an application or online portal to pay your invoice can be a hassle, often resulting in late or missed payments. Using latpay’s simple PLINKs, you can offer a better system that everyone can access with the tap of a button – easy!

Offer better security

As well as being an easier way to pay, our PLINKs come with world-class security backed by the highest-level PCI DSS compliance (Level 1)  as well as our revered tokenization process to ensure that all your customers’ data remains in the right hands.

Get access to a personalised dashboard

Partnering with latpay, your business will gain access to a comprehensive dashboard that allows you to create and share personalised links with your customers. With complete clarity and control of your invoices, you’ll also be able to better manage your finances and know exactly when and where the money’s coming in.

The biggest advantages of using payment links

  • Send invoices immediately via simple links
  • Receive transaction management via SMS & email notifications
  • Accept all payment types & currencies from around the world
  • Maintain PCI DSS Level 1 Compliance
  • Customise your checkout to match your business branding
  • Protect your customers with real-time fraud management

Who are payment links ideal for?

While PLINKs are fantastic for just about any business, they’re particularly beneficial for businesses looking to step into the future of digital payments without completely reinventing the wheel. Some of the businesses that benefit the most from incorporating PLINKs include:

  • Clubs, associations and organisations
  • Gyms and sports centres
  • Businesses requiring joining fees
  • Monthly subscriptions
  • Phone & utility providers
  • And heaps more!

Why partner with latpay?

Offering a truly complete and integrated payment platform, Latpay can help you discover the real value of innovative technology for everyday business. As a leading Payment and Merchant Service Provider in the UK, Australia and Canada, we deliver superior transactional, fraud management and data tokenization services to businesses all around the world.

If you’re ready to take your invoicing capabilities to the next level, chat with us today!

The risks of cyber security & why you should care

Online crime and cyber-attacks in Australia

The Australian landscape for cybercrime is rapidly growing, with many businesses falling victim to the advances of online criminals every day. And while we often read about large-scale corporate data breaches in the media, medium and small businesses are actually more likely to become a target due to their often-minimalistic approach to cyber security.

To help you as a business owner understand why you should be concerned with cybersecurity, we’ve put together a brief guide as to what could be targeted and how. More importantly, we’ve also included some good examples of how you can protect yourself. Take a read below!

What could be at risk?

While you might think that your business information wouldn’t be of interest to a cybercriminal, the reality is that just about any piece of data or sensitive information can be a target. If you acquire, retain or produce any of the following information, it’s important that your business is taking the relevant precautions to protect itself against unauthorised access:

  • Financial records and data
  • Client records and data
  • Product design or business ideas
  • Business models
  • Intellectual property (IP)
  • Patents (current or pending)
  • Employee information

While all information can be a potential target for cybercrime, financial data is likely the biggest drawcard for criminals. For this reason, online businesses, in particular, can become vulnerable to additional risk if they are not adequately protected.

 How can cyber criminals access your information?

While the ways in which cybercriminals gain access to your information evolves every day, there are a number of traditional and well-known attacks to be aware of. Some of these include:

  • Breach of your website, payment processes or mobile app
  • Viruses and malware that can infect your computers or networks
  • Theft or remote access of your hardware and devices
  • Social engineering and phishing 

How can you protect yourself?

While it’s near impossible to ever be fully protected against online criminal activity, there are strategies and technologies that can be deployed to mitigate vulnerabilities and risks. This, paired with an understanding and awareness of the way hackers might attempt to breach your data, is the best way to approach cybersecurity.

Some of the simplest ways you can protect your information include:

  • Updating your website, Point-of-Sale (POS) systems and other devices with the latest software releases
  • Develop terms and conditions or procedures for staff to follow in regard to online security and the security of all company devices
  • Develop an incident response plan to ensure you’re prepared to react should a cyber breach occur
  • Implement network security, email protection and anti-virus software (with the help of a cybersecurity or managed IT company if possible)
  • If you run an online business, aim to satisfy PCI DSS Level 1 compliance requirements

Protecting your customer’s payment details with a secure payment platform

 If your selling products or services online, the way you take payment is critical to the safety of your customers’ payment information. Moreover, financial institutions will also require that you meet certain compliance targets to ensure the safety of their customers and yours.

At Latpay, we help our clients to take payments online through the implementation of secure hosted payment pages. Offering PCI DSS Level 1 compliance, every transaction is secured and fully encrypted to the highest standards to ensure your customer’s information remains untouched.

To learn more about the comprehensive benefits of Latpay’s merchant services, click here or get in touch with our customer service team to chat with a local representative today.

What is a payment gateway and why do I need one?

Are you ready to grow your business online? Payment gateways are an essential step to maximising your online revenue and reaching more customers. For those who might need a little refresher on what they are and how they work, take a read of the following article outlining some key points and benefits of a payment gateway to online businesses.

What is a payment gateway?

A payment gateway or third-party service creates a connection between your ecommerce platform and your bank in order to take payments from customers online. Payment gateway software securely authorises credit card payments through the deployment of encryption, allowing sensitive information to be passed from customer to merchant to bank and back. As a security standard, businesses must have a payment gateway or third-party service in order to accept payments online.

How does it work?

The payment gateway sends credit card and other private data between parties in a secure manner to ensure all information is protected while a transaction is being processed. To complete this process, the payment gateway completes a range of tasks within about 3 seconds. To demonstrate the process in action, let’s take a look at how it all plays out.

  • Becky has decided to buy a shirt through an online store. Once she’s happy with her choice, she adds the item to a shopping cart and heads to the checkout page.
  • The website will open a secure payment page where she enters her credit card details to place the order.
  • The payment details are transferred securely from the payment page to the payment gateway.
  • The payment gateway will encrypt her credit card information and pass it on to the merchant’s bank to be authorised.
  • The merchant’s bank will decide whether or not the transaction should be approved based on a number of factors (whether Becky has gone over her credit limit, whether the card is legitimate, etc) and passes this information back to the payment gateway.
  • If the transaction is approved, the payment gateway will notify the merchant and the customer that payment has been accepted.
  • If the transaction is denied, a message will appear on Becky’s screen notifying her that the payment was declined, and the transaction has been disregarded.

The benefits of a payment gateway to your business:

Although there are a number of alternative methods available for taking payments online, having a payment gateway provides a range of unique benefits to ecommerce businesses. Some of these key benefits include:

Secure payment processing

Data security should be the number one priority for any business. Payment gateways offer the ability to take protected payments via industry-standard encryption technology. With a reputable payment gateway, customers need not worry about their credit card or personal information being intercepted and used without authority. Payment gateways protect both merchant and customer against identity fraud. 

Accept payments instantaneously

With a process taking less than 3 seconds, payments can be accepted online in real time. This means that customers don’t need to wait when purchasing their goods and merchants don’t need to wait for payments to be received.

Enable international purchases

With the ability to process transactions in multiple currencies, payment gateways allow you to access a global network of online shoppers. The ability to accept any currency means you can expand your potential target audience and create a worldwide network of customers.

Complete transactions around the clock

With a payment gateway connected to your ecommerce store, you’re always open for business. Consumers can access your store and complete a transaction at any time of the day meaning you can make money even while you sleep or travel.

Keep web users on your page

dPayment gateways enable you to take payment from your customer without directing them to a third-party page; the last thing you want to be doing is guiding traffic away from your website. Having a payment gateway allows you to keep your customers right where you want them – on your web page.

Latpay’s Merchant Facilities

Activating a merchant account can be challenging and sometimes even a little stressful. At Latpay, we make the process straight forward and simple to get your business up and running as soon as possible. With long-standing partnerships with a range of acquiring banks who know and trust our platforms, we’re already known for meeting a range of challenges and volume requirements. We also maintain the highest accreditation for industry data security as a PCI Level 1 Service Provider, meaning banks and customers alike are comfortable and confident in doing business through our gateways.

Latpay services have a strong focus on security, reliability, user experience and customer service driven by our Australian-based headquarters and support centre. If you’re ready to start taking more payments online, get in touch with our team on 07 5515 0402 or learn more about our merchant solutions here.

We’re on the list of Visa Global Registry of Service Providers

Our commitment to compliance has once again been showcased after recently being announced as a service provider on the Visa Global Registry. For merchants, this means that Latpay is compliant with both the Visa program requirements and Payment Card Industry Data Security Standards (PCI DSS) to store, process or transmit Visa cardholder information.

The Visa Global Registry of Service Providers:

The Visa Global Registry has been compiled to make it easier for customers to choose the best merchant service provider for their needs. It’s important to note that:

  1. The Registry now distinguishes service providers that support secure technologies, such as EMV, tokenization and point-to-point encryption.
  2. Merchants can now check how long the provider has had a relationship with one of Visa’s clients or partners, which can be useful for a technology partner looking for a start-up versus an established company.
  3. The Registry also features service providers that are early adopters of the most recent version of the PCI DSS 3.2, which was released in April 2016. The key changes included a multi-factor authentication for administrators accessing cardholder data and additional security validation steps for service providers.

To learn more, visit the Visa Global Registry of Service Providers.

Why our compliance is good for your business:

  1. Protect yourself

Acquiring a compliant merchant service provider ensures that your business is meeting all legal and compliance requirements. In order to be cleared to take payments both on and offline, there are numerous hoops to jump through to ensure you’re providing a secure service for your customers. Working with Latpay takes the stress out of compliance obligations so you can get back to business.

  1. Protect your customers

As well as meeting all your legal requirements, working with a highly secure and compliant merchant service provider like Latpay ensures that your customers are protected from theft and fraud. Your customers are the lifeblood of your business, so protecting them against unauthorised transactions is critical. More than this, it also safeguards your business against reputational loss that often follows a financial breach.

  1. Allow customers to shop with confidence

When shoppers are confronted with unknown or untrustworthy payment systems, it forces them to think twice about making their purchase. Offering the highest security measures and trusted payment platforms can help your customers feel confident with their purchases and therefore less likely to second guess their decision. The transaction journey should be smooth sailing, allowing the customer to pay for goods or services without a second thought. Latpay can help you offer the peace of mind your customers need to shop with absolute confidence.

If you find that your payment service provider isn’t offering you the highest levels of data security and PCI compliance, it’s time to start shopping around.

Why choose Lateral Payment Solutions:

As a leading Payment and Merchant Service Provider in Australia, UK and Canada, Latpay offer superior fraud management capabilities and data tokenisation services to online businesses around the world.

With industry-leading technology, exceptional Level 1 PCI compliance and fraud management proficiencies, Latpay are proud to provide a truly complete payment solution for companies of all shapes and sizes.

Talk to us on 1800 865 224 to see how we can alleviate the hassles of security and compliance, so you can get back running your business.