Payment Express Limited along with its affiliates and subsidiaries (“Payment Express”), is committed to protecting your privacy as an internet user whenever you buy goods or services from a merchant that uses Payment Express payment solutions (“Merchant”). The Merchant will generally be using Payment Express payment solutions when the cardholder is using a credit or debit payment card over the internet, telephone, fax, unattended or integrated EFTPOS system. Payment Express recognizes its responsibility to keep confidential at all times any information that Payment Express acquires in connection with such a transaction, whether directly from a cardholder or Merchant. Payment Express protects personal information (at a minimum) to the Payment Card Industry Data Security Standards (PCI-DSS). Please note, however, that Payment Express’s responsibility is limited to protection by Payment Express of information that Payment Express obtains. Payment Express itself cannot control the use or disclosure by your Merchant of any information that it obtains from you.
Collection of Information
To enable Payment Express to provide secure payment facilities, it will typically acquire information which may include the cardholder’s name, credit card number (with the expiry date) and billing address. Payment Express does not collect such information on behalf of the Merchant and will only use and disclose such information in accordance with these terms.
Use and Disclosure of Information
Payment Express uses the information to obtain authorization of the transaction from the issuing bank of the payment card and Payment Express’s own or the Merchant’s bank (the “acquirer” or “acquiring bank”) and to process the payment. Some details from the transaction (such as name, email and delivery address) may be made available to the Merchant or acquiring bank through Payline – Payment Express’s web-based transactions management system, which allows Merchants to track transactions and process refunds. Payment card numbers themselves will be encrypted and stored by Payment Express securely, and will not be provided to the Merchant.
Payment Express is committed to data security. Payment Express uses a variety of technologies and procedures to help protect personal information from unauthorized access, use or disclosure. For example, Payment Express stores the data in computer servers with limited access that are located in controlled facilities secured by advanced surveillance and security technology. When Payment Express transmits sensitive information (such as a payment card number), Payment Express protects it through the use of encryption, such as the Secure Socket Layer (SSL) protocol. Credit card details stored onsite are encrypted using 168bit 3DES encryption. Payment Express is a level 1 certified PCI-DSS compliant provider.
PCI-DSS, the Payment Card Industry Data Security Standard, is a set of security requirements relating to the protection of cardholder data. The standard is governed by the Payment Card Industry (PCI) Security Standards Council, an organisation put together by most of the major card schemes – VISA, MasterCard, American Express, JCB and Discover. It is relevant for any entity that stores or transmits sensitive cardholder data, that being generally things like the PAN (card number), card security code, track data, and PIN block. Preceding PCI-DSS, the card schemes had their own standards, and the VISA Account Information Security (AIS) standard formed the basis to most of the PCI-DSS requirements. Click to view our PCI-DSS compliance certificate.
Storage of Information