ATTENTION AMERICAN EXPRESS CARDHOLDERS
Dear EasyPay customers
I am sure that you are aware that banks are all experiencing grave attacks on the integrity of their credit card systems
whereby credit card numbers are compromised and then utilised by fraudsters to make payments for goods and services using card not present channels
such as the Internet. The banking answer to this problem has been to simply refute transactions that are effected using these channels as the card
technology they use is obviously not able to identify, prevent and eliminate this type of fraud. The nett result is that our customers are being
prevented from using EasyPay as a payment channel which is unacceptable to us as our website complies to all banking rules and regulations and conforms
to all security standards and procedures.
We have thus decided to no longer accept American Express on our site but are delighted to offer a much safer
and easier to use alternative to our valued customers that will incorporate a loyalty programme which we believe is of greater value than that currently offered.
We intend to continue to develop our technological platform and to offer more products that will allow our customers to transact safely without being
limited to certain products or services.
We apologise for the inconvenience caused by the current flawed card technology and hope that you will endorse
our solution as part and parcel of your future payment solutions. Our staff will contact you to facilitate the change and ensure that you are the
first to benefit from our new technological offer.
Please give us the opportunity to service your payment need without limitation!
Dr. Serge Belamant (Chairman and C.E.O)
||EasyPay is proud to introduce VCpay, the simplest, the fastest and the most secure way to pay.
VCpay is a mobile phone application that allows you to create, on demand, a unique
virtual credit card that is intrinsically linked to the transaction you are effecting
or intending to effect. This means that only you can create such a virtual card
for an amount you specify in an off line manner using your mobile phone anywhere
EasyPay Responds to Press Reports regarding the Credit Card fraud.
Dear Valued EasyPay Customer
As you are probably aware, there have been a number
of reports in the press regarding "credit card fraud on the EasyPay website". Unfortunately
and incorrectly, certain banks have inferred or simply blamed EasyPay for the fraudulent
activities and have declined all transactions originating from the EasyPay website.
Despite these press reports, we can confirm that as of Monday 12 September 2011,
all banks, including ABSA, are authorising transactions from the EasyPay website.
Until further notice and on request from the banks, we will only be providing our
bill payment and pre-paid electricity services on the website.
EasyPay has for many
years provided a quality service and has, at all times, rigorously adhered to all
banking security standards including PCI/DSS (Payment Card Industry – Data Security
Standard) and 3D secure as defined by Visa and MasterCard. As a result, EasyPay
does not store any credit card information or maintain any database of credit card
information which could be utilized to perpetrate any fraud.
View the full letter now...
1. The root cause is that criminals have gained access to credit card numbers illegally and are then using these
to make payments or purchases on our and other websites.
2. EasyPay is unfortunately not in a position to determine the legitimate
ownership of any credit card used to make payments or purchases nor is EasyPay in
a position to either authorise or deny any of these payment instructions.
3. EasyPay, as a generic on-line merchant, is not responsible for
authorising or denying payment instructions. If the issuing bank approves a transaction,
EasyPay has no legal right to deny this transaction.
4. At EasyPay we do not store any credit card numbers or users'
private information when you effect transactions. The EasyPay website cannot therefore
be used by fraudsters to compromise any credit card data.
|How does a "credit card not present" transaction work?
1. The cardholder selects a product/service on the merchant website (e.g. EasyPay).
2. The cardholder selects to pay for the product or service using his/her credit card.
3. The cardholder enters his/her credit card number with its associated expiry date and CVV
4. The merchant website sends the credit card information, expiry date, CVV and amount to its acquiring bank
5. The acquiring bank forwards the payment request to the issuing (customer’s) bank for the bank to approved the transaction
6. An authorization code is sent back by the issuing bank to the acquiring bank that is to authorise or deny the transaction
7. The acquiring bank sends the decision back to the website of the merchant (e.g. EasyPay)
8. The cardholder receives the products/goods directly or indirectly. Transaction completed.
Therefore, the responsibility of any fraud is squarely in the hands of the issuer and/or acquiring banks as:
a) They are the custodians of the credit card numbers and of their respective Card Verification Value or CVVs (card verification values)
b) They have mandated the use of 3D secure which demands a further level of authentication (from the card holder) such as a password, username or a combination of both
c) They operate credit rating and fraud prevention systems that identify possible fraud and evaluate risk.
|What is 3D secure?
3D secure is a Visa-designed verification tool which serves as an additional security
measure to protect the issuing bank and its customers from fraudulent activities.
3D secure is used only in online environments (e.g. websites).
When your issuing
bank mandates 3D secure for your credit card type (BIN number, Platinum, Gold, Silver,
etc.) and/or you personally, the following process will need to be followed for
your online transactions to be approved by your issuing bank.
View full story...
Phishing is a way of attempting to acquire sensitive information
such as usernames, passwords and credit card details by masquerading as a trustworthy
entity in an email, or any form of electronic or telephonic communication. Once
the confidence of the card holder has been gained, it normally follows that the
fraudster proceeds with gathering all of the required information.
E-mail spoofing is the forgery of an e-mail header so that the message appears to
have originated from a reliably intentioned source, but is in fact from someone
or somewhere other than the actual source. If the credit card holder is not diligent,
or aware, then it is quite easy to follow incorrect/fraudulent email paths.
Cloning and Skimming:
Credit card skimming is when a person electronically records
the information of a credit card or debit card without the owner knowing about it,
with the intention of using that credit card information illegally when the fraudster
in turn shops online. The skimming process is the same as when the credit card is
swiped through any normal terminal. The skimming devices are small enough to fit
into the palm of a hand, and thus not easily detectable by the credit card holder.
Credit card cloning is when a copy of your credit card is made using the information
as gathered by Skimming your card.
Database Compromisation / Breach:
A database breach occurs when sensitive, protected or confidential data has potentially
been viewed, stolen or used by an individual unauthorized to do so. This normally
happens at the central repositories of all the sensitive information, such as banks
and credit card companies.
|Places where cards can be skimmed, phished or cloned:|
- Beware of
phishing: Victims should expect sophisticated phishing attacks that use your name,
your credit card number and your email address in an effort to get you to expose
more personal information. Never reply to any email requesting "verification" of
your account. read more ...
What can I do if my details are stolen?
- Determine the
type of breach: Find out exactly what data was exposed – did it include credit card
numbers; passwords; email addresses? Each answer suggests a different course of
action for resolution. read more ...
Description of the fundamental problems pertaining to the existing
cards have been used for making payments at POS devices and for drawing cash at ATMs.
As more channels
for making payments were introduced, the risks associated with the weak security
of magnetic stripe technology escalated.
credit card transactions off-line limits were set to very low levels forcing on-line
connections to be made resulting in frustration on the part of the genuine card
of magnetic stripe cards and the fraud associated with card and PIN has also resulted
in escalating financial losses by banks which transferred this liability to their
In the Internet
arena, payments made by credit cards, are still looked upon with skepticism and
many transactions are charged back to merchants when fraud is either detected or
Too many loop
holes exist in the security surrounding magnetic stripe based transactions resulting
in the lack of accountability, authenticity and the identification of the transactor.
Counter measures applied to secure the payment system:
A number of
initiatives have been implemented to attempt to curb the ever growing security threats
surrounding the payment industry.
The debit card
with "PIN entry" was introduced to ensure that the transactions conducted were indeed
effected by the card holders themselves.
was implemented as an intermediate counter measure until a more robust system could
be identified and implemented.
The system namely, the "EMV" (EuroPay, Visa,
MasterCard) standard, addresses a number of potentially fraudulent areas, specifically
those associated with skimming of the magnetic stripe technology.
The EMV standard
also attempts to introduce PIN identification as a mandatory step to effecting payment
transactions. This shares the same problems as those associated with any PIN entry
system as the PIN number entered can still be captured through electronic or visual
The EMV standard
makes it more difficult for the fraudster as both the card and PIN must be in possession
before any fraud can be performed.
EMV has been
implemented in many countries but has not as yet replaced all the locally issued,
internationally branded, magnetic stripe cards.
however have yet to subscribe to the EMV standard. The cost of EMV is perceived
to be excessive and thus no real commitment has been made to implement the EMV standard.
there must be an answer to security, local issuing and international interoperability
which does not enforce a standard that is only practical for one segment of the
population, and locks out any other payment system although the cost associated
with its implementation is borne by all including those that will never use it or
have no need for it.
As you are all aware, credit and debit card fraud is escalating throughout the world!
CARD NOT PRESENT fraud (this is where the transaction is effected without the recipient
of funds having sight of the card, such as is performed for hotel booking, car rentals,
flight bookings and internet payments) is escalating exponentially!
There are many
reasons given for this phenomenon such as:
The bottom line is that plastic cards, with or without embedded chips, are easy
enough to clone or compromise.
- the growth in the number of cards issued,
- the sophistication of fraudsters,
- eaves dropping devices,
- the introduction
of EMV (chip and PIN),
- contactless card solutions (payWave, PayPass, MIFARE) etc.
The solution is not to have a piece of plastic at all; but to have a VIRTUAL CARD
that is different with every transaction which is completely under the control of
the card holder and which is generated by your phone off-line!
NO on-line communication
required, NO centralised issuing.
This is a zero knowledge game!One cannot defraud
this system as to defraud any virtual card the fraudster would have to be the card
To implement our VIRTUAL CARD system, no changes are required to
acquiring systems, switches and card processors; only the issuing banks need to
know and understand virtual card language!
VIRTUAL CARD can revolutionise the "CARD
NOT PRESENT" industry, telephone buying and more importantly Internet buying, whist
eliminating, fraud, card detail compromisation, PCI-DSS compliance requirements,
3D secure and other attempts at protecting this open and mistrusted environment.
VIRTUAL CARD will run on any mobile phone and can be downloaded directly or through
VIRTUAL CARD can be linked to a bank account, any debit or credit
card or can act as a pre-paid or post paid account.
VIRTUAL CARD opens up new retail
markets that are currently only present in the USA mainly because of the credit
card fraud being experienced in other countries and the resulting charge backs.
VIRTUAL CARD is simple to use, always works and keeps track of all your purchases,
money transfers, loyalty points, etc.
VIRTUAL CARD can be used in loyalty schemes,
medical payment systems, banking or/and any other payment system.
VIRTUAL CARD does
not store any account numbers, card numbers or any other identification data whatsoever
and cannot therefore be used to compromise card holders' banking details.
phone companies can pre-load VIRTUAL CARD onto their mobile handsets and provide
a link between the VIRTUAL CARD and the prepaid or post paid service. Mobile phone
companies can participate in all transactions effected on a mobile phone such as
money transfers, loyalty redemption schemes, purchases for goods or services, etc.
And now EasyPay is very proud to make this VIRTUAL CARD technology available to
all South Africans.
Registration requirements and further details for VIRTUAL CARD
South Africa will be published on this site from Monday 7 November 2011. Complete
the registration forms, submit them to EasyPay and we will contact you with regard
to operational and direct financial benefits which will accrue to the VIRTUAL CARD
VIRTUAL CARD South Africa will launch its operations on 15 November at 09h00.
Just check the countdown clock.
EasyPay is proud to introduce VCpay, the simplest, the fastest and the most secure way to pay.
What is VCpay?
VCpay is a mobile phone application that allows you to create,
on demand, a unique virtual credit card that is intrinsically linked to the transaction
you are effecting or intending to effect. This means that only you can create such
a virtual card for an amount you specify in an off line manner using your mobile
phone anywhere and anytime.
VCpay works off-line and it is therefore not reliant
on mobile network coverage or its reliability, signal strength or availability.
As a result, VCpay provides you with 100% guaranteed service delivery and eliminates
the frustration and embarrassment we have all experienced when our traditional card
products fail to work due the failure of communication networks and/or the non-receipt
of confirmation SMS messages from our issuing banks.
VCpay works off line and thus
does not expose your account information or your identity, so it is impossible for
your personal and financial information to be compromised, intercepted, phished
or hacked – making VCpay the most secure, simplest and fastest way to pay!
do I use VCpay?
There are two ways to use the VCpay application:
You will be able to fund your VCpay account at the many EasyPay participating merchant
locations or through EFTs (electronic funds transfers) before you use our product,
just like any other prepaid service such as prepaid airtime and prepaid electricity.
POSTPAID MODE: We offer our EasyPay clients the option to apply for credit that
can be used with the postpaid VCpay account. Similar to a postpaid contract with
any mobile operator, you will be billed after using the product or service. We will
offer you credit at an interest rate that is guaranteed to be lower than the credit
card rate offered by any South African Bank. You can now apply for credit.
What are the VCpay benefits?
Our VCpay loyalty programme is based on our belief
that cash back is the most beneficial, ubiquitous and uncontroversial method of
rewarding our discerning customers. Our loyalty programme will credit your prepaid
VCpay account with 0.5% (50 basis points) of the value of every payment you make
using a VCpay virtual card.
Where can I get VCpay?
VCpay can be downloaded for
free from our mobi site at http://vcpay.mobi from the 15th of November 2011. In
the very near future you will also be able to download our VCpay application, for
free, from the Blackberry App Store, the Apple App Store or the Android market.
How does VCpay protect me?
VCpay fully guarantees every VCpay payment you make.
||Credit card skimming is when a person records the information on a credit card or
debit card without the owner knowing about it with the intention of using that credit
card information illegally. Skimming occurs commonly when the owner looses contact
with the Card or when a copy of the card is made, for instance at car rental companies
etc. It takes about 2 seconds to scan a card through a portable reader, and the
reader records all of the information on the credit card.
||Phishing is a way of attempting to acquire sensitive information such as usernames,
passwords and credit card details by masquerading as a trustworthy entity in an
email or any form of electronic communication. Phishing happens when criminals sends
you an email claiming to be from a recognised organisation, for example, EasyPay,
to mislead you into revealing sensitive information for identity theft. This may
be in the form of visiting a fake website or clicking on an email attachment. You
are told to visit a (fake) website where you have to enter sensitive information
such as passwords, credit card details or bank account numbers. Once you have supplied
your details, they are emailed to the fraudsters, and you are then directed to the
legitimate website. The fraudster will then utilise your identity and funds until
you become aware of this action and stop transactions on your accounts. Besides
the financial threat, of equal concern to you, should be identity theft and misuse.
||CVV is an anti-fraud security feature to help verify that you are in possession
of your credit card. For Visa/MasterCard, the three-digit CVV number is printed
on the signature panel on the back of the card immediately after the card's account
number. For American Express, the four-digit CVV number is printed on the front
of the card above the card account number.
||3D secure is a Visa-designed verification tool and acts as an extra security measure
to protect you from fraudulent activity. 3D secure is what your bank has put into
place to protect your card when you shop online.
||A bank that processes and settles a merchant's credit card transactions with the help of a card issuer.
||The first step in processing a credit card. After merchant swipes the card, the
data is submitted to merchant’s bank called an acquirer, to request authorisation
for the sale. The acquirer then routes the request to the card-issuing bank, where
it is authorized or denied, and the merchant is allowed to process the sale.
||A financial institution, bank, credit union or company that issues or helps issue cards to cardholders.
|Chip and Pin:
||Chip and PIN is the brand name adopted by the banking industries for the rollout
of the EMV smartcard payment system for credit, debit and ATM cards.
The "Chip and Pin" cards also house a magnetic stripe (at the back) which is the
fall back mechanism banks use whenever POS devices do not support "Chip and Pin"
or whenever the chip is dysfunctional (broken) or whenever a card not present transaction
is effected (e.g. Internet transactions as PINs are not entered, phone transactions
– hotel bookings, etc.)
||E-mail spoofing is the forgery of an e-mail header so that the message appears to
have originated from someone or somewhere other than the actual source. In short,
spoofing is a counterfeit email with stolen email addresses used without the real
address owner's knowledge or permission.
||The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted
set of policies and procedures intended to optimize the security of credit, debit
and cash card transactions and protect cardholders against misuse of their personal
information. The PCI DSS was created by four major credit-card companies: Visa,
MasterCard, Discover and American Express.
EasyPay will launch this new and secure system,
and make it available to our clients as per the countdown clock shown here.
Read the press reports and other interesting facts on the tabs as shown above.
Beware of Phishing Attacks
EasyPay would never ask you
EasyPay Responds to Press Reports
for, nor request you to update,
amend or alter
any personal, banking or credit card information via
. Always be sure that the website at the top of the page
(URL) is https://new.easypay.co.za
Do not supply any of your banking details (account numbers
/ PINs / etc.) when prompted to do so over the telephone. Contact your bank yourself
to check whether it has picked up fraudulent transactions on your account.
Do not become a victim: Never give your personal, banking,
credit card or PIN details to anyone by typing them in on a telephonic computerised
system or by typing them in on an email attachment or link!
Please visit our security centre to learn how to avoid these attacks and how to
stay safe. Visit our security centre now
As you are probably aware, there have been a number of reports in the press regarding
"credit card fraud on the EasyPay website". Unfortunately and incorrectly, certain
banks have inferred or simply blamed EasyPay for the fraudulent activities and have
declined all transactions originating from the EasyPay website.
View the full letter now...