Payment Gateway Questions & Answers

In this section we answer the most commonly asked questions received by e-Path. Please feel free to contact us should you have a question not covered here.



Q. Do I need a merchant account to use e-Path?
A. Yes. You need to be able to charge the credit cards e-Path has safely handled and delivered to you in exactly the same way as you would if someone faxed through an order with their credit card details on it, or even paid you over the phone quoting their credit card details or sent you a completed mail order with payment. It is the merchant account, not the gateway, that actually settles funds from a credit card transaction into your account.

Q. Is it really true e-Path doesn't charge credit card transaction fees?
A. Yes it is true. e-Path is a credit card payment gateway that does not charge credit card transaction fees.

Q. Can I use a merchant account from any bank to charge credit cards from e-Path?
A. Security of cardholder data is of critical concern to e-Path not only during our own processes but also what occurs afterwards. e-Path is aware of the PCI compliance of merchant account services and their interfacing methods from many Australian banks including Commonwealth, ANZ, NAB, Bank of Queensland etc., as well as numerous security conscious and PCI aware overseas located banks.

Therefore, if your merchant account and its interfacing method from these and other approved banks is PCI compliant and is approved by the bank to allow you to process card not present transactions, you may certainly charge credit cards into it that you safely receive via e-Path. Absolutely.

However, you may not utilise our PCI complaint gateway to receive credit cards for inputting into a merchant facility/interfacing method from a bank that is not PCI DSS compliant. e-Path is not to be associated with any service from any bank either indirectly or directly that is not fully PCI compliant.

Q. Will I need to buy an SSL for my site if I use e-Path?
A. No. Your exclusive e-Path payment gateway system provides this for you.

Q. I already have a shopping cart connected up to a live payment processor. I have been hit with charge back after charge back. Fraud has cost me a fortune, I've just about gone broke. My bank tells me there's nothing I can do about it. But then I found your web site. Can you guarantee if I switch to e-Path as my gateway I will never get another fraud payment transacted automatically witout me knowing into my account again? I need a firm guarantee please.
A. Firstly, there is most certainly something you can do about it. And secondly, we ABSOLUTELY POSITIVELY GUARANTEE your merchant account will never receive another automated fraud transaction live on the internet without you knowing. Nothing gets into your merchant account without you checking all details first then approving it and entering it yourself.

However, you will still be accepting card-not-present/non-face-to-face credit card payments so there is always the risk someone will 'try' to fool. You will need to stay vigilant and utilise the opportunity to peruse through highly pertinent details about the buyer and order first before the card is charged.

Your merchant account and its input interface from your bank will of course have all the fraud screening systems and mechanisms as required by card vendors but with e-Path this is IN ADDITION to you having full control over whether to accept the online order and charge the card or not in the first place.

Therefore, e-Path gateway owners enjoy a significant security advantage over those that use other systems that will charge the card live online without the business owner even knowing.

Have a read of e-Path's eCommerce Payment Gateway Blog on this very subject.

The days where fraud is transacted live and blindly on the open internet and into your account without you knowing or having any control over it are ended the moment e-Path becomes your payment gateway.

Q. I already have an EFTPOS terminal, can I use this to charge payments I get from e-Path instead of having to pay for another separate merchant account?
A. Yes absolutely. You can utilise your existing EFTPOS terminal to charge card card-not-present/non-face-to-face payments you receive. However, you will need to ensure your EFTPOS merchant account provider (your bank) is fully aware and approves you transacting card-not-present/non-face-to-face transactions into it. This is usually referred to as MOTO (mail order telephone order) or MST (merchant submitted transaction) enabling your service.

Q. I have a real time online payment processing gateway but only use its virtual terminal to enter credit cards into it myself. I agree with everything you say on your site about the security advantages of being in control - bloody insane to accept everything live on the net behind my back and not be aware. I now need a PCI compliant way to receive credit card payments online and your gateway looks perfect. Can I use e-Path and still use my virtual terminal from my real time gateway?
A. Yes you can. What you use to interface with your own merchant account is up to you. Our only requirement is that it is PCI compliant. However, you don't really have to keep your real time payment gateway virtual terminal because banks have a variety of slightly cheaper manual merchant account types that provide the same or similar functionality in a single package. The new MOTO version of eVolve from the Commonwealth Bank is a great low cost solution in this respect, as is ANZ's MOTO/CardLink bundle just to name two.

So, to answer your question, yes, you can remain using your real time payment gateway's virtual terminal if this is your choice. But to ensure the high level of security you have with e-Path is maintained through the full process, the service you use needs to be PCI compliant.

Q. In terms of the actual credit card security my friend tells me doing it manually is not as secure as doing it by a real time payment gateway because I would see the credit card details. Is this correct?
A. No, that's not correct. In fact it is actually the opposite by quite a margin.

Have a read of e-Path's eCommerce Payment Gateway Blog on this very subject.

And here are some facts ....

It is roughly estimated that between 85% and 90% of the worlds credit card and identity theft can be either directly or indirectly attributed to data being compromised (hacked into, stolen, copied etc.) when permanently stored within databases, storage devices, on internet networks or on similar internet connected systems.

Mostly all third party 'real time' payment processing gateways permanently store credit card details transaction data and highly sensitive identity information. That's how they operate.

However, it is roughly estimated that around 2% (some statistic organisations suggest this is actually well under 1%) of credit card theft can be attributed to credit card details being physically stolen when in the sole physical possession of the official bank approved merchant account owner, i.e., when processing is done offline well away from the open internet and any internet connected storage device, system or network.

So, you tell us, as far as actual physical credit card data security is concerned, would you yourself be happy with your own private credit card and identity details being permanently stored online somewhere (perhaps at multiple locations) within the online payment gateway's systems or would you prefer your details be ONLY with the official bank approved merchant account owner well away from the internet?

Ensuring your credit card data is only with the official bank approved merchant account owner and NOT sitting permanently stored on the internet somewhere in some database, storage device or network is preciesly what e-Path does.

The concept is called CDU (Critical Data Unplugged) have a read, you may find it enlightening.

Q. Do you integrate your gateway into my shopping cart?
A. Depends which one. For osCommerce, Zen Cart and Joomla's VirtualMart, yes we will do professional integration for you as a courtesy. Shopping cart developers are the only ones that know their own programming code, therefore, it is really up to them to create a module that works with their code. However, where ever possible e-Path technicians will always assist.

Q. Do I share a secure payment page with everyone else?
A. No. Every e-Path merchant has their own exclusive credit card payment gateway system.

Q. I'm losing sales because people are not going through with entering their credit cards on my site, does e-Path give me a proper professional gateway system where my customers will see they are being handled professionally and safely?
A. You may have a great looking website but it is security and not looks that is now, more than ever, the most important thing to online customers. It doesn't take much for a website to ask for credit cards to be entered into it and these days consumers are now very cautious of websites that 'do it all'.

So this could be why you are having trouble. e-Path provides you with your own professional payment gateway system which will instill confidence in your online payment process. The consumer knows their credit card details are being handled securely the moment they see your own formidable e-Path secure system kick-in to take good care of them.

Q. Only $275.00 per year, so what other fees and charges are going to be landed on me?
A. None. $275.00 incl GST is our yearly fee for your own fully dedicated e-Path gateway service. You can accept 50 or 5000 credit card payments through e-Path and every one is free. This is very different to a typical 'real time' payment gateway which will charge you extra every single time you accept a credit card payment online which is in top of and in addition to your banks merchant account facility charges.

Q. I am in Brighton in England. Can I still use e-Path?
A. Yes. e-Path is a global service, you can be in any country of the world and use e-Path. You will need a merchant account facility at a bank in your home country in order to charge the credit cards your secure e-Path gateway system delivers to you from your online customers.

Q. I have a MOTO merchant account but my bank says I can't use e-Path to receive credit card payments from online, they insist I need to use a real time 'live' payment gateway system to do that. What can I do and why would the bank force me to use this much more risky method?
A. In this day and age this is most unusual but can still happen. It could possibly mean the person you are dealing with at your bank may not quite understand the e-Path service or perhaps the importance of PCI DSS and CDU Compliance. They also simply may not be aware there is a new system available that finally attacks the very core mechanisms responsible for facilitating credit card and identity data theft and the subsequent online credit card fraud that can result.

Don't forget before e-Path the only official bank approved way to accept credit cards online was to use the real time online payment processing system - which is a method that permanently stores your customers credit cards within its online systems and that also will attempt to transact anything entered into it by any anonymous individual on the open internet blindly and instantly without you knowing. Both of these factors are actually responsible for near the entirety of credit card and identity theft and online credit card fraud in the world today.

If your bank insists you can only accept credit cards online via that system, then it could be high time to consider switching to a merchant account provider who is much more serious about security.

Your security and the potential future of your online business and the security of your cardholder customers credit card and identity details could most certainly be at risk here, absolutely. And if you thnk we may be exagerating this risk, then here are some recent proof-positive happenings you may like to peruse through ...

More than 100 million credit cards may have been compromised in data breach
Visa confirms another payment processor breach
Credit card breach exposes 40 million accounts
40M credit cards hacked
40 million credit cards exposed
Fear in the Fast Lane (Four Corners production, Andrew Fowler, ABC TV)
Identity Security (Australian Government Attorney-General's Department)
Internet Fraud (Australian Federal Police)
E-Crime (Queensland Police Service)
The enemy in the net (ABC Radio National)
Heartland data breach proves PCI compliance is not enough
Does the Heartland breach prove PCI useless?
Heartland breach shows PCI compliance is not enough

Q. Who uses e-Path?
A. Our Privacy Policy Statement forbids us from disclosing anything about our merchants. Further, e-Path follows strict banking and finance industry guidelines regards client confidentiality. When was the last time a bank or finance company gave out the names of their clients?

It would be a highly effective marketing tool if e-Path were to publish the names of those businesses using e-Path, however, we are in the business of security at the highest possible level and pride ourselves on our security standards and policies that are all encompassing throughout our company.

But its not too difficult to find out who some of our merchants are. For example, e-Path merchants sometimes frequent a number of online e-commerce forums to share ideas and experiences, there they themselves make themselves known. e-CommerceTalk.com.au is one such place.

Q. Can you feed the data you collect into a database so I can store it on my website?
A. Sorry, no. Please view e-Path Security. This will tell you what we think about permanently storing credit card data in databases. If we stored highly sensitive data in databases we would be no different to the typical 'real time' payment gateway system - we represent a new era in security, not an old one!!

Q. How long to set up my gateway so I can use it?
A. If all information from you is complete and your application is approved and you have sent us your desired logo/graphic to use on your gateway, then within four to seven working days of your application being submitted.

Q. My bank insists I need an SSL, but you say I don't. I'm confused.
A. Your own exclusive e-Path gateway already has SSL. When you use e-Path your website does not need another SSL because your website has nothing to do with handling credit cards. Your bank may be getting mixed up, please point them to this website. Be mindful it is a requirement placed upon merchant account providers (banks) by the card vendors themselves (Visa, MasterCard etc.) that the bank must confirm an SSL is protecting things when credit card details are entered on the internet. They are doing the right thing by wanting this confirmed - send your bank the URL (web address) of your secure and exclusive e-Path gateway for them to become satisfied.

Having said that, the newer types of browsers may alert a customer when they move from a secure gateway location back to a website that is not secure. We would recommend installing an SSL on your website to ensure the connection remains encrypted even after e-Path has done its job and returned the customer to your site.

Q. In your Terms & Conditions you say I have to put a graphic on my site with a link to a disclosure page which tells cardholders what happens to their credit card details. What if I don't want to put this graphic and link on my site?
A. Open and honest disclosure to cardholders about how safe their credit card details are when paying using e-Path is part of the e-Path gateway package.

Cardholders have an absolute right to know exactly what is going to happen to their credit card details. If you do not want to display the graphic with link to the e-Path disclosure page then unfortunately you will not be able to use the e-Path service as it is a condition of the service. This will indicate to you on how serious we are about improving e-commerce for everyone, not just our gateway clients.

Q. Do you hold money and transfer it into my account?
A. No, sorry. e-Path does not touch or have anything to do with any funds from any credit card payment in any way. Please view section #1 or our Terms 0f Service Agreement/Merchant Agreement

Q. I understand if I use e-Path my website is not going to need PCI compliance certification which is going to save me a heap, but does my business still need some form of PCI compliance?
A. All businesses that accept credit card payments now require to do so in accordance with the PCI rules as it relates to their specific circumstances. There are many levels of PCI compliance. What PCI compliance level will apply to you will be largely determined by what merchant account/interfacing facility and method the bank is providing you and how you handle credit card data. Please consult with your bank.

But yes, by using e-Path your website or shopping cart is removed from needing PCI DSS compliance - because your online credit card handling activities are instantly PCI DSS cmpliant with e-Path.

Q. Do you have an API so people can enter their credit card details on my website?
A. Sorry, no. One of the fundamental strengths of the e-Path system is that your customer enters their credit card details within the heavily secure e-Path PCI DSS compliant environment.

Q. This is a real change in how things are done. Are you the only one of your type?
A. At time of writing, e-Path is one of only two new generation super-secure payment gateways that operate in this way. The e-commerce world has changed, and this new breed of CDU compliant gateway, of which e-Path was the very first, delivers on the demand for a far safer and more secure system.

It should be noted that our system is manual, so it will never replace the 'real time' gateway systems, but as a low cost alternative to it, e-Path achieves the sort of security no 'real time' gateway can even come close to matching.