Safety & Quickpay
Quickpay payment solution uses SSL-encryption when communicating with acquirers. Likewise SSL/TLS-encryption is used in communication between customers and the server, where Quickpay is placed. This means, that all information, that is sent over the internet, is encrypted with a security-certificate.
PCI-certification
Quickpay is certifcied in accordance with the latest version of PCI DSS Level 1. This is a comprehensive process which, amongst other things includes:
- An annual “Report on Compliance” (ROC), that is carried out by a “Qualified Security Assessor” (QSA)
- Quarterly scans of the network, that is carried out by an “Approved Scan Vendor” (ASV)
- A long list of rules and guidelines for our workflow and handling and storage of data.
The purpose of the PCI-standard is to have a common, international standard for, how credit card data is to be handled. The standard defines a number of requirements for storage, transmission and handling of card data - and how it is controlled, that the requirements are met.
Both consumers as well as e-commerce shops benefit from increased security requirements, that comes with the new PCI-certification. By using suppliers, that have completed the PCI-certification, the risk of fraud is reduced and it gives the customers better safety.
VISA list over PCI DSS Validated Services Providers
Mastercard list over certified Service Providers (scroll down for a link to the latest version)
Retention
As a requirement in the PCI-certification, stored card data must be deleted after a certain time, depending on the status of the transaction.
- Authorize: 5 years
- Capture: 365 days
- Refund: 365 days
- Subscription: 365 days
- Rejected: 90 days
- Cancel: 90 days
And:
- test transactions: 180 days
- transactions in “initial”: 180 days
PCI-hosting
Many merchants want to adjust the payment window and payment flow 100% to their own wishes and needs. Our aim is of course to make our generic payment window as flexible as possible. But we understand that we can not meet everyones requirements with the standard Quickpay payment window. Even though there are very good opportunities for branding and design.
Typically, the merchant has to make a choice between having to undergo a full and costly PCI certification or compromise on design requirements and flexibility. With PCI hosting you avoid the full certification while achieving full flexibility of the solution.
PCI Hosting is only merchants with 5-digit (or more) number of transactions each month
PCI hosting is unfortunately not a service we can offer all merchants. PCI certification is an extremely cumbersome process, so unfortunately it is only a facility we can provide merchants with many transactions each month. You should at least run a 5-digit number of transactions through Quickpay each month. If you have fewer transactions, we refer to Quickpay’s branded payment window.
What is PCI-hosting?
PCI hosting is a “webhotel” placed in our PCI certified environment. It complies to what Nets defines as “hosted solution”. Merchants who use a hosted solution can not even get contact with card data and are exempt from having to be compliant. The basic idea is that merchants have a safe place to get hosting for their payment window. You can design this payment window exactly as you want and then after a successful “Authorize” forward the customer back to your own shop / server.
What is our URL / hostname?
You can choose to use Quickpay domain and SSL certificate and get an URL like: https://pay.quickpay.dk/your_business_name/ or you can choose a hostname of your choice. You must pay extra charges for annual renewal of the SSL certificate.
Available resources
Basically, you must think of the contents of the PCI-hosted environment as simple as possible. It is not allowed to host your entire shop. It is only the payment window that will be hosted by us - that is, only the Authorize part of a transaction. All other types of transactions (capture, reversal, credit, recurring, etc.) can well be performed through Quickpay API from your own hosting setup.
How is the development process and how do we proceed
If you wish to use Quickpay PCI hosting, we recommend that you first contact us so we can talk about your solution, needs and the further process.
Development wise, it is you as a merchant who develops the payment window and you do this in your own development environment. The more complete and more simple you make it, the cheaper and faster it can be implemented. Once you have developed the payment window, you contact us and we will move the files to Quickpay’s PCI-hosted environment. You do not get access to this environment. We manually review all files (since we are responsible for card data can be compromised) and then copy the files to the already agreed URL.
