Because of the technology used, and because your bank card number is never printed out unencrypted, it is in fact safer to pay by bankcard on Paybox affiliated sites than in most local shops.

Paybox

The principle of secure online payments

The various stages of the payment process between the purchaser and Paybox are fully encrypted and protected. The protocol used is SSL, which is linked with e-banking.

This means that information linked to the order and the bankcard number do not circulate unencrypted on the Internet.

  • The bankcard number is not printed out onto documents, invoices, credit card receipts or other print-outs
  • The merchant does not have access to card numbers
  • Paybox does not keep card numbers once the payment transaction has been transmitted to the merchant’s bank

This means that nobody has access to purchasers' card details either electronically or via print-outs.

The risk of a client's bank card number being “hacked” when purchasing on a Paybox System affiliated website is nil.

The various security phases when paying online

For each payment request, the purchaser is switched over from the merchant site to the Paybox System payment server, which is connected to the banking world.

  1. The purchaser comes to an encrypted SSL payment page;
  2. The purchaser enters the card number, expiry date and the visual cryptogram, and an authorisation request is made. The link between the purchaser and the Paybox System server is established in HTTPS, the secure protocol with SSL, which encrypts all the data being exchanged. This protects data sent over the web and guarantees that the purchaser's card number cannot be intercepted unencrypted by a third party during transfer to the Paybox System secure server. The Paybox System home page provides the purchaser with information about the purchase: the name of the merchant (with this guaranteeing that the company has been authenticated);
  3. Once the card number has gone through a preliminary level of checks (Luhn formula, list of stopped cards etc.), the Paybox System server makes an authorisation request to the banking centre to which the merchant is affiliated. This is carried out using standardised banking protocols on a specialised telecommunications network;
  4. The bank's authorisation centre transmits an authorisation number or declines the card. If the payment is accepted, Paybox System then carries out the following operations: displays payment confirmation on the purchaser's screen (option), sends payment confirmation by e-mail to the purchaser and merchant. The card number is NEVER transmitted to the merchant;
  5. The purchaser is then automatically redirected to the merchant's server where s/he can continue browsing.

A special process developed by Paybox Services enables Paybox System to monitor in real time the behaviour of card holders, specifically to prevent the payment server being used to test out automatically generated card numbers or for other types of attacks:

  • Searching for BIN by increments, derivation or masks
  • Large numbers of attempts using different expiry dates
  • Random IP addresses used by holders
  • “Fake” bankcards etc.
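
The sketch below is an added example, not Paybox's own code: it shows how a payment server could apply the Luhn pre-check from step 3 and then flag two of the patterns listed above (incrementing card numbers within one BIN, and many expiry dates tried against one card). The `client_id` key, the thresholds, the reason names and the sample traffic are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

def luhn_ok(pan):
    """Luhn checksum: double every second digit from the right, sum the digits."""
    digits = [int(d) for d in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

def with_check_digit(body):
    """Append the one check digit that makes `body` Luhn-valid (sample data only)."""
    return next(body + d for d in "0123456789" if luhn_ok(body + d))

def flag_card_testing(attempts, max_expiries=3, min_run=3, max_luhn_fail=2):
    """attempts: (client_id, pan, expiry) tuples -> {client_id: set of reasons}."""
    expiries = defaultdict(set)   # (client, pan) -> expiry dates tried
    accounts = defaultdict(set)   # (client, BIN) -> account numbers tried
    luhn_fail, flags = Counter(), defaultdict(set)
    for client, pan, expiry in attempts:
        if not (pan.isdigit() and luhn_ok(pan)):
            luhn_fail[client] += 1          # rejected before any bank request
            continue
        expiries[(client, pan)].add(expiry)
        accounts[(client, pan[:6])].add(int(pan[6:-1]))  # drop BIN and check digit
    for client, count in luhn_fail.items():
        if count > max_luhn_fail:
            flags[client].add("luhn_failures")
    for (client, _pan), seen in expiries.items():
        if len(seen) > max_expiries:
            flags[client].add("expiry_sweep")
    for (client, _bin), numbers in accounts.items():
        run, prev = 0, None
        for n in sorted(numbers):
            run = run + 1 if prev is not None and n == prev + 1 else 1
            prev = n
            if run >= min_run:
                flags[client].add("pan_increment")
    return dict(flags)

def sample_attempts():
    """Constructed traffic on a made-up BIN (400000); none of these are real cards."""
    pan = lambda n: with_check_digit(f"400000{n:09d}")
    bad = lambda k: pan(700)[:-1] + str((int(pan(700)[-1]) + k) % 10)
    rows = [("c1", pan(n), "12/30") for n in range(101, 105)]        # incrementing PANs
    rows += [("c2", pan(555), f"{m:02d}/30") for m in range(1, 6)]   # one PAN, 5 expiries
    rows += [("c3", pan(900), "06/30")]                              # ordinary purchase
    rows += [("c4", bad(k), "06/30") for k in (1, 2, 3)]             # wrong check digits
    return rows

if __name__ == "__main__":
    for client, reasons in sorted(flag_card_testing(sample_attempts()).items()):
        print(client, sorted(reasons))
```

Because the list above also mentions random IP addresses, `client_id` here would need to be something more stable than the source IP alone, such as a session or device identifier.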

Check that you are in secure mode when paying online

Once on the payment page, the start of the website's address at the top of the screen changes to https:// with the “s” following "http" showing that communication is secure.

To use a Paybox card payment service, a merchant must hold a distance selling e-banking account at an identified banking institution.

Bedycasa uses CIC bank's distance selling e-banking solution.

Paybox platform security

Paybox naturally holds Visa and MasterCard PCI-DSS programme accreditation. The various audits carried out have confirmed that Paybox Services applies a high level of security and integrity supplemented by sustained technology development monitoring, in order to maintain the infrastructure of its double platform.

It is also worth highlighting that Paybox Services is the first French operator to get all of its services (e-commerce and local payments) certified.

The PCI-DSS programme imposes security standards defined by Visa, MasterCard, the Groupement CB, American Express and a large number of payment systems.

You can find this page on: http://www1.paybox.com/accreditations-certifications/?lang=en
http://www1.paybox.com/our-products-and-services/focus-securite/?lang=en