Actinic Payments
Secure payment processing
Secure checkout for increased sales
Offering secure payment on your ecommerce website is essential to your customers.
Actinic Payments is an innovative payment solution directly integrated into the eCommerce software and offered exclusively to all Actinic customers. It is powered by CreditCall, a robust and reliable infrastructure, and offers the highest level of functionality of any secure Internet payment system compatible with the platform.
Easy to set up and use
All you need is a merchant account number that can be used for Internet payments. Once your account is opened we can set up Actinic Payments for your ecommerce website and you can accept all major credit cards including Visa, Mastercard, American Express, Maestro and Delta. With Actinic Payments it is easy for you to manage as you have one point of contact for both your ecommerce website and online payment processing.
Highly secure with sophisticated fraud screening
- Full PCI-DSS Level 1 compliance. View the compliance certificate for CreditCall which powers Actinic Payments.
- Sophisticated fraud screening enabled through The 3rd Man, 3D Secure, support for CVV2 (the 3 digit card verification number) and AVS (for verifying a customer billing address).
Affordable and Reliable
- Powered by a robust and reliable infrastructure, carrying millions of transactions per month with 99.998% up-time since 2005.
- Actinic Payments is competitively priced and available in fixed price bands according to your usage. See the Actinic Payments pricing below.
Unique, time saving functionality
- Previous card details are easily identifiable by the last four digits of the card along with the card expiry date.
- Commit pre-authorised Actinic Payments transactions making for fast and efficient order processing.
- View and control all fraud indicators from the Actinic order screen. No need to open the virtual terminal.
Actinic Payments pricing
Actinic Payments packages are competitively priced and available in fixed price bands according to your anticipated usage, with a charge per additional transaction, plus a set-up fee.
| Packages | Price | Setup Fee | Transactions included | Additional transactions |
|---|---|---|---|---|
| Actinic Payments 100 | £120 per annum | £20 | 800 per annum | £0.39p |
| Actinic Payments 20 | £20 per month | £50 | 350 per month | £0.10p |
| Actinic Payments 40 | £40 per month | £50 | 600 per month | £0.08p |
| Actinic Payments 200 | £200 per month | £50 | 3000 per month | £0.06p |
Prices excluding VAT. You can upgrade to a higher package at any time. Each payment or refund that is not voided counts as a transaction. The contract period for annual contracts is one calendar year and monthly contracts are 30 days.
How to activate Actinic Payments?
- Add Actinic Payments from your back office
- Send us your merchant account information
- Manage payments securely for your shop
PCI DSS Compliance
Security of payment card data is crucial in the online world. The standard to protect card data is the Payment Card Industry Data Security Standard (PCI DSS). This is a joint venture between Visa and Mastercard, supported by all banks.
Compliance with this standard is compulsory for all merchants who accept payment cards. You must be PCI DSS compliant if you handle, process or store payment card details either on computer or on paper. Broadly speaking, PCI DSS covers rules about encryption and protection of card data from hackers, but it also has rules on physical security of your buildings.
There are severe penalties if card information is compromised as a result of non-conformance with PCI DSS. As part of your agreement with your acquirer, you agree to these penalties. If you are discovered to be non-compliant, but have not lost card information, you may be fined or may have your percentage charge increased drastically until you become compliant.
Who is responsible for complying with PCI DSS?
The responsibility for PCI DSS compliance rests with you, the merchant, and your card acquirer. If they have not already done so, your card acquirer will be taking steps to ensure your compliance. Suppliers such as Actinic or SagePay are not responsible for your compliance.
How do I become PCI DSS compliant?
You can become PCI DSS compliant in one of two ways:
- Use Actinic Payments or an alternative payment service provider (PSP). Your customers and employees only ever enter card details into the site of the PSP. That way, the PSP does most of the worrying about compliance and you are left with some straight-forward actions. Actinic strongly recommends this route. Actinic Payments is PCI DSS Level 1 certified.
- You can try to make your infrastructure compliant yourself. This is complicated, difficult and expensive. For the majority of small businesses, achieving proper compliance will probably not be practical or cost-effective. Actinic is unable to help merchants achieve compliance through this route due to the inherent risks and costs involved.
Are Actinic software products PCI DSS compliant?
All Actinic software products when used with a PCI DSS compliant payment service provider (PSP) such as Actinic Payments are either immediately PCI DSS compliant or can easily be made so.
If card details are captured at the merchant’s site then you are not PCI-DSS compliant.
Am I truly PCI DSS compliant?
The confusing thing about PCI DSS compliance is that it is possible for the bank (or the bank's recommended security company) to imply that you are compliant when you are not. If you look at the small print you will find that it's you that is stating you are compliant, not any third party service.
True compliance, i.e. where you would pass a proper audit of the standard, is almost impossible for a small company to achieve unless a compliant Payment Service Provider (PSP) is used.
Although you may pass a security scan, if your security is compromised the banks will check everything, and anyone who stores card data, whether using Actinic or another system, will end up being declared non-compliant and will then be fined and forced to follow the most stringent rules.
It is also important to consider the activities of hackers. They can now be organised gangs of criminals targeting companies who store card data. As the big guys get more on top of things, their attention is moving down the market.
Therefore, because of the threat from hackers and the impossibility of properly securing servers without spending huge amounts of time and money, our position is that no small business should capture card data on their site and they definitely shouldn't store any card data. Instead they should use a PSP for web orders so their servers never see the card details. It's the quickest, safest and cheapest way of becoming compliant.
Can I capture card details and re-key them into my PDQ machine?
It should be noted that card scheme rules state that each of CP (card holder present), CNP (card holder not present) and ecommerce payments are required to be flagged separately. If you take card details online through a PCI DSS compliant system, but then manually re-key them into a CNP PDQ machine, you will not be compliant with card scheme rules and 3D Secure cannot be supported. This is why Actinic does not support such configurations.
If you wish to pursue this route, follow the standards at www.pcisecuritystandards.org/
Note that even if your buyer enters their payment details into a page on your website and then passes them to a PCI DSS compliant PSP, your website must still be fully PCI DSS compliant, as you are collecting the card details and passing them on. This is because any compromise of your website could lead to a rogue third party being able to acquire the card details.
What paperwork do I need to complete to become compliant using a PSP?
If you only take card payments for ecommerce orders using the web page of a compliant PSP, your website does not need a security scan, although it is still good practice to do one. You are SAQ validation type 1, and need to complete SAQ form A.
Details of up-to-date SAQ forms can be found at: www.pcisecuritystandards.org/saq/instructions_dss.shtml#instructions
If you use a compliant PSP to capture all card data, when completing your SAQ tick "Yes" and simply put the name of the PSP in the "Special" column for the requirements that are fulfilled by the PSP (so for Actinic Payments you would put "Via Creditcall", who provide our service, in the "Special" column).
If you do not use a PSP to capture card data, a lot more compliance activities are required.