In this section we answer the most commonly asked questions received by e-Path. Please feel free to contact us
should you have a question not covered here.
Q. Do I need a merchant account to use e-Path?
||"Don't they know us Americans invented the 'real time' online credit card payment processing system?
How dare anyone have the hoot'n cheek to come up with a more secure and less expensive alternative system to how we've got the online world doing things.
So, where does this new whipper-snapper of a system hail from? ....
.... shoot'n tarnation, what is it with those Auzzies?"
A. Yes. You need to be able to charge the credit cards e-Path has safely handled and delivered to you in exactly the same way as you would if someone faxed through an order with their credit card details on it, paid you over the phone quoting their credit card details or sent you a completed mail order with payment or if they handed you their credit card in person. It is the merchant facility
, not the gateway, that actually settles funds from a credit card transaction into your account.
Q. Is it really true e-Path doesn't charge credit card transaction fees?
A. Yes it is true. e-Path is a credit card payment gateway that does not charge credit card transaction fees.
Q. Can I use a merchant account from any bank to charge credit cards from e-Path?
A. Security of cardholder data is of critical concern to e-Path not only during our own processes but also what occurs afterwards. e-Path is aware of the PCI compliance of card processing/merchant facilities from many Australian banks including Commonwealth, ANZ, NAB, Bank of Queensland etc., as well as numerous security conscious and PCI aware overseas located banks.
Therefore, if your credit card processing/merchant account facility from these and other approved banks is PCI compliant and you are approved by the bank to allow you to receive, handle and process card-not-present/non-face-to-face transactions through it, such as payments made to you over the phone, via fax machine, via e-Path, via mail postal order, then yes, you may certainly utilise e-Path.
Q. I already have a shopping cart connected up to a live payment processor. I have been hit with charge back after charge back. Fraud has cost me a fortune, I've just about gone broke. My bank and my real time payment gateway people tells me there's nothing I can do about it. But then I found your web site. Can you guarantee if I switch to e-Path as my payment gateway I will never get another fraud payment transacted automatically online and into my account without me knowing again? I need a firm guarantee please.
A. Firstly, yes there is
most certainly something you can do about it. And secondly, we ABSOLUTELY POSITIVELY GUARANTEE
your merchant account facility will never receive another automated fraud transaction live on the internet without you knowing. Nothing gets into your merchant account without you checking all details first then approving it and entering it yourself.
However, you will still be accepting card-not-present/non-face-to-face credit card payments so there is always the risk someone will 'try' to fool. You will need to stay vigilant and utilise the opportunity to peruse through highly pertinent details about the buyer and order first before you decide to charge the card.
Your credit card processing/merchant facility from your bank will of course have all the fraud screening systems and mechanisms as required by card vendors but with e-Path this is IN ADDITION
to you having full control over whether to accept the online order and charge the card or not in the first place.
Therefore, e-Path gateway owners enjoy a significant security advantage over those that use other systems that attempt to charge the card live online blindly without the business owner even knowing.
Have a read of e-Path's eCommerce Payment Gateway Blog
on this very subject.
The days where fraud is transacted live and blindly on the open internet and into your account without you knowing are ended the moment e-Path becomes your payment gateway. This is something we absolutely guarantee
Q. I already have an EFTPOS terminal, can I use this to charge payments I get from e-Path instead of having to pay for another separate merchant account?
A. We can't speak on behalf of your credit card processing/merchant facility provider (your bank) but the answer should be yes, absolutely. You will need to ensure your EFTPOS provider (your bank) is fully aware and approves you transacting card-not-present/non-face-to-face transactions into it. This is usually referred to as MOTO (mail order telephone order) or MST (merchant submitted transaction) enabling your service.
If your bank is allowing/approving you to receive, handle and process credit card payments via card-not-resent/non-face-to-face methods you would have obviously already satisfied their specific rules and requirements on card data security/PCI, otherwise you would not be permitted to process card-not-present/non-face-to-face transactions through their systems.
Q. I have a very important question about PCI compliance. I understand if I use e-Path I will be instantly PCI compliant online which is fantastic as this is going to save me a heap, but does my business still need some form of PCI compliance?
A. All businesses that accept credit card payments now require to do so in accordance with the PCI rules as it relates to their specific method/circumstance.
While we can't speak on behalf of your bank (your credit card processing/merchant facility provider), if your bank has already approved your business to receive, handle and process credit card payments that come to you from card-not-present/non-face-to-face methods such as receiving credit card details over the phone or via a fax machine or via e-Path or via mail postal order, then you obviously already have satisfied your banks specific requirements on credit card data security/PCI.
Your bank may have required you to complete an SAQ (Self Assessment Questionnaire) or make an attestment that satisfies them that you comply with and will maintain your compliance to their specific requirements on credit card data security/PCI. Sometimes this is called being a MOTO (mail order telephone order) or MST (merchant submitted transaction) approved merchant. If this is the case there is nothing more you need do, you can start to utilise e-Path to accept credit cards online and process them safely offline.
However, if your bank has not covered off on this and you are not a MOTO or MST approved merchant and therefore have not satisfied your banks requirements on credit card data security/PCI compliance then we would not be able to offer our service to you.
But yes, by using e-Path your website or shopping cart is removed from needing PCI compliance - because your website or shopping cart never comes in to contact with card data in the first place. Your online credit card handling activities are instantly PCI compliant with e-Path.
Q. I have a real time online payment processing gateway but only use its virtual terminal to enter credit cards into it myself. I agree with everything you say on your site about the security advantages of being in control - bloody insane to accept everything live on the net behind my back and not be aware. I now need a PCI compliant way to receive credit card payments online and your gateway looks perfect. Can I use e-Path and still use my virtual terminal from my real time gateway?
A. Yes you can. What you use to interface with your own merchant account facility is up to you. Our requirement is that it is PCI compliant and you are approved by the provider to receive, handle and charge credit card payments from card-not-presnt/non-face-to-face methods. If this is so then this means your credit card processing/merchant facility provider has already determined you meet their requirements on card data security/PCI - which is a firm prerequisite of e-Path.
However, you don't really have to keep your real time payment gateway virtual terminal because most banks have a variety of less expensive virtual terminal merchant facilities of their own. Your bank can supply you with the full card processing/merchant facility package such as a merchant facility with a virtual terminal front end. There are even bank supplied Smartphone apps now that allow you to interact with your own merchant account yourself.
Q. In terms of the actual credit card security my friend tells me doing it manually is not as secure as doing it by a real time payment gateway because I would see the credit card details. Is this unsafe?
A. No, that's not entirely correct. It is actually the opposite by quite a margin.
Have a read of e-Path's eCommerce Payment Gateway Blog
on this very subject.
And here are some facts ....
The overwhelming majority of the worlds credit card and identity data theft can be either directly or indirectly attributed to data being compromised (hacked into, stolen, copied etc.) when permanently and electronically stored within databases, storage devices, on servers, on networks or on similar internet connected systems.
Mostly all third party online payment processing gateways permanently and electronically store highly sensitive credit card details, transaction data and confidential identity information usually without the card holder even knowning. Despite well over 250 million credit card details being stolen in recent years from these and other types of systems that either handle or permanently store highly confidential data within their systems, this is how it is still being done.
However, only a very small proportion of credit card data theft can be attributed to credit card details actually being physically stolen when in the sole physical possession of the official bank approved merchant facility owner, i.e., when processing is done offline well away from the risks of the open internet.
Further, e-Path always obtains a firm commitment from all merchants that they will ensure the credit card data does not exist anywhere after processing. e-Path is the only payment gateway that enables merchants to give an iron clad guarantee to their cardholder customers that highly confidential credit card details do NOT even exist after the transaction has completed. No other payment gateway enables it's merchants to ensure their customer's credt card details don't exist after processing.
So, you tell us, as far as actual physical credit card data security is concerned, would you yourself be happy with your own private and highly confidential credit card and identity details being permanently stored electronically somewhere (perhaps at multiple locations) within the online payment gateway's systems where you may not even be allowed to get them removed, or would you prefer your details be only
with the official bank approved merchant facility owner just like when handing your card to the merchant in person and where your credit card details will not even exist anywhere
once the charge is performed?
The answer really is a 'no-brainer'.
Q. Do you integrate your gateway into my shopping cart?
A. Depends which one. For osCommerce and Zen Cart yes we will do professional integration for you as a courtesy. Shopping cart developers are the only ones who know their own programming code, therefore, it is really up to them to create a module that works with their own software code. However, where ever possible e-Path technicians will always assist.
Q. Do I share a secure payment page with everyone else?
A. No. Every e-Path merchant has their own exclusive credit card payment gateway system.
Q. I'm losing sales because people are not going through with entering their credit cards on my site, does e-Path give me a proper professional gateway system where my customers will see they are being handled professionally and safely?
A. You may have a great looking website but it is security and not looks that is now, more than ever, the most important thing to online customers. It doesn't take much for a website to ask for credit cards to be entered into it and these days consumers are now very cautious of websites that 'do it all'.
So this could be why you are having trouble. e-Path provides you with your own professional payment gateway system which will instill confidence in your online payment process. The consumer knows their credit card details are being handled securely the moment they see your own formidable e-Path secure system kick-in to take good care of them.
Q. Only $275.00 per year, so what other fees and charges are going to be landed on me?
A. None. $275.00 incl GST is our yearly fee for your own fully dedicated e-Path gateway service. There is a one time $22.00 registration fee at sign up but this is only a one time fee and is perpetual. You can accept 50 or 5,000 credit card payment authorisations through your e-Path gateway and every one is free. This is very different to a typical 'real time' payment processing gateway which will charge you extra every single time you accept a credit card payment online which is in top of and in addition to your banks merchant account facility charges.
Q. I am in Brighton in England. Can I still use e-Path?
A. Yes. e-Path is a global service, you can be in any country of the world and use e-Path. You will need a
merchant account facility at a bank in your home country in order to charge the credit cards your secure e-Path gateway system delivers to you from your online customers.
Q. I have a MOTO merchant account but my bank says I can't use e-Path to receive credit card payments from online, they insist I need to use a real time 'live' payment gateway system to do that. What can I do and why would the bank force me to use this much more risky method?
A. It could possibly mean the person you are dealing with at your bank may not quite understand the e-Path service. They also simply may not be aware there is a new system available that finally attacks the very core mechanisms responsible for facilitating the vast majority of credit card and identity data theft and the subsequent online credit card fraud that can result.
Don't forget before e-Path the only official bank approved way to accept credit cards online was to use the real time online payment processing system - which is a method that permanently stores your customers credit cards within its systems and that also will usually attempt to transact anything entered into it by any anonymous individual on the open internet blindly and instantly without you knowing (that's what 'live' automated online processing is). The vast majority of all online credit card fraud perpetrated on the internet is through the 'real time' payment processing system.
If your bank insists you can only accept credit cards online via that system, then it could be high time to consider switching to a bank that is much more serious about security.
The potential future of your online business and the security of your customers' credit card and identity details could most certainly be at risk here, absolutely. And if you think we may be exaggerating this risk, then here are some recent proof-positive happenings you may like to peruse through ...
More than 100 million credit cards may have been compromised in data breach
Visa confirms another payment processor breach
Credit card breach exposes 40 million accounts
40M credit cards hacked
40 million credit cards exposed
Fear in the Fast Lane
(Four Corners production, Andrew Fowler, ABC TV)
Identity Security (
Australian Government Attorney-General's Department)
(Australian Federal Police)
(Queensland Police Service)
The enemy in the net
(ABC Radio National)
Data breach proves PCI compliance is not enough
Does breach prove PCI useless?
Breach shows PCI compliance is not enough
Q. Who uses e-Path?
It would be a highly effective marketing tool if e-Path were to publish the names of those businesses using e-Path, however, we are in the business of security at the highest possible level and pride ourselves on our security standards and policies that are all encompassing throughout our company.
But its not too difficult to find out who some of our merchants are. For example, e-Path merchants sometimes frequent a number of online e-commerce forums
to share ideas and experiences, there they themselves make themselves known. e-CommerceTalk.com.au
is one such place.
Q. Can you feed the data you collect into a database so I can store it on my website?
A. Sorry, no. Please view e-Path Security
. This will tell you what we think about permanently storing credit card data in databases. If we permanently stored highly sensitive credit card and identity data in databases we would be no different to the typical 'real time' payment gateway system - we represent a new era in security, not an old one!!
Q. How long to set up my gateway so I can use it?
A. If all information from you is complete and your application is approved and you have sent us your desired logo/graphic to use on your gateway, then within four to seven working days of your application being
Q. My bank insists I need an SSL, but you say I don't. I'm confused.
A. Your own exclusive e-Path gateway already has SSL. When you use e-Path your website does not need another SSL because your website has nothing to do with handling credit cards. Your bank may be getting mixed up, please point them to this website. Be mindful it is a requirement placed upon merchant account providers (banks) by the card vendors themselves (Visa, MasterCard etc.) that the bank must confirm an SSL is protecting things when credit card details are entered on the internet. They are doing the right thing by wanting this confirmed - send your bank the URL (web address) of your secure and exclusive e-Path gateway for them to become satisfied.
But having said that, it is simply good practice to have your website protected by SSL. Some newer versions of browsers now alert a customer when they move from a secure (https) location back to a website that is not secure (http). We would recommend installing an SSL on your website to ensure the connection remains encrypted even after e-Path has done its job and returned the customer to your site. This way the online customer's browser will not show a warning message because they will be moving from one SSL protected location to another SSL protected location.
Q. In your Terms & Conditions you say I have to put a graphic on my site with a link to a disclosure page which tells card holders what happens to their credit card details. What if I don't want to put this graphic and link on my site?
A. Open and honest disclosure to card holders about how safe their credit card details are when paying using e-Path is part of the e-Path gateway package.
Card holders have an absolute right to know exactly what is going to happen to their credit card details. If you do not want to display the graphic with link to the e-Path disclosure page then unfortunately you will not be able to use the e-Path service as it is a condition of the service. This will indicate to you on how serious we are about improving e-commerce for everyone, not just our own gateway clients.
Q. Do you hold money and transfer it into my account?
A. No, sorry. e-Path does not touch or have anything to do with any funds from any credit card payment in any way. Please view section #1 or our Terms 0f Service Agreement/Merchant Agreement
Q. Do you have an API so people can enter their credit card details on my website?
A. Sorry, no. One of the fundamental strengths of the e-Path system is that your customer enters their credit card details within the heavily secure e-Path PCI compliant environment.
Q. This is a real change in how things are commonly done. Are you the first ones of your type to do this?
A. Manual systems, be they online database services, shopping cart software or even other basic manual credit card handling service providers that capture credit cards online that then enable offline processing by the business owner are certainly nothing new.
However, an online credit card payment gateway that uses full strength and multiple instances of asymmetric cryptography (2,048bit encryption) on an individual per gateway basis completely separate and unique for each and every gateway merchant; each with their own separate and unique secure payment gateway page URL; that provides the PCI compliant and THAWTE SSL protected environment for each individual gateway client; that does not require bank merchant accounts to be sitting open and accessible to anonymous individuals on the open internet; and that also does not permanently store any credit card, transaction data or identity information online within its systems .... is totally new.
Yes, e-Path is the very first to pioneer this new eara of improved card holder and business owner security in accepting credit card payment authorisations online.
e-Path delivers on the enormous world wide demand for a far safer and more secure system where credit card and identity data is not left permanently/electronically stored in databases, on networks, or in any storage device by the online payment gateway.
In fact, e-Path is the only payment gateway that enables merchants to absolutely ensure highly sensitive credit card details don't exist anywhere after the charge is performed on the card. This is card data security in the absolute.
With e-Path the business owner is finally in total control over what online orders his/her business accepts and what credit card payments are charged. There is no blink online processing without the business owner knowing!!
Our system is manual, it is not designed to replace 'real time' automated online processing systems. If you want an automated system then e-Path is not the answer. But if you want control over things, if you like the idea of saving money and if you want your customer's credit card data to never be permanently stored within the gateway's systems without their permission, then e-Path is worthy of serious consideration.