Frequently Asked Questions

Following a detailed review, Australia Post has agreed to sell SecurePay to digital payments provider, Fat Zebra. This decision is part of Australia Post’s strategy to simplify its products and services. An extended handover period will ensure a smooth transition for SecurePay customers.  

Merchants were advised by email on 1 April 2025. The email can be viewed here. If you did not receive this email, please email us at support@securepay.com.au . 

This decision is part of Australia Post’s strategy to simplify its products and services, to ensure it remains sustainable into the future.  Australia Post’s current focus is on building and maintaining a sustainable letters and parcels service. 
 
Fat Zebra is a dedicated digital payments provider, processing more than 250 million transactions for over 38,000 Australian merchants annually. This acquisition aligns with Fat Zebra’s strategic growth plans and comes quickly after the recent acquisition of Pin Payments in December 2024. 

An extended handover period will ensure a smooth transition for merchants and customers. 

No. Your existing service agreements are with SecurePay, so there is no requirement for you to sign new service agreements.

No action is required. We are dedicated to making the transition smooth for you and your customers. You can anticipate the same exceptional service and support you have always experienced. 
 
However, we do ask merchants to please note SecurePay has updated its Terms and Conditions to reflect the SecurePay Privacy Policy. For more details, please see the Online Payments Services Terms and Conditions on the SecurePay website.

For now, there will be no changes to your current SecurePay services or how they are delivered. SecurePay will continue to provide notice of any pricing or integration changes as per the current Terms and Conditions. 

For new services (including the addition of Apple Pay, DCC and subaccounts), please note there will be limited functionality available on LaunchPad during the transition. Please reach out to our Sales team via the SecurePay Help and Support page for any further assistance. 

No, there are no changes to your pricing or integration at this stage. SecurePay will continue to provide notice of any pricing or integration changes as per the current Terms and Conditions.

SecurePay has updated its Terms and Conditions to reflect the SecurePay Privacy Policy.  For more details, please see the Online Payments Services Terms and Conditions on the SecurePay website: SecurePay - Terms and conditions 

No, we are committed to supporting you throughout this transition, ensuring you have the resources and information you need. The following support channels will continue to be available:  

• email support@securepay.com.au  

• phone 1300 786 756 

• SecurePay Help and Support page.   

No, there are no changes to SecurePay’s PCI DSS compliance. 

No action is required. Australia Post (and Post Billpay) will remain a customer of SecurePay to offer secure online payments.  There will be no changes to Post Billpay online payments; and no impact to the way your customers pay their bills with Post Billpay. 

Yes. Post Billpay will continue to use the SecurePay platform for online payments. There will be no impact to the way your customers pay their bills with Post Billpay online or in our retail outlets. 

A chargeback is received when a cardholder disputes a transaction with their card issuing bank. A chargeback can occur when the merchant has made an error at the point of sale, for example, an expired card has been used. A chargeback can also occur when the cardholder or the Card Issuing Company ("the Issuer") is disputing the transaction. For example, the card or cardholder were not present at the point of sale and possible fraud may have taken place.

You will be sent an email advising of a Request for Information, including the details you need to supply should you wish to dispute the chargeback. Evidence must be submitted within 10 business days.

A cardholder dispute is when a cardholder contacts their card-issuing bank to dispute a transaction processed on their card. The card-issuing bank then contacts the acquirer of the transaction (NAB) who then contact the Payment Facilitator (Australia Post/SecurePay) to forward each dispute to the customer for notification, investigation and resolution. You will need to provide supporting evidence to prove the cardholder authorised the payment they are disputing.

You have 10 days from receiving the notification to provide supporting evidence. The process ends when either an outcome is reached by the card issuer based on evidence provided, the merchant does not respond, or the 45 day time period lapses.

There are methods you can implement to avoid fraudulent transactions such as:

• SecurePay’s FraudGuard tool - FraudGuard provides you with greater control in detecting fraud. With FraudGuard you can enable a set of transaction rules. If these rules are broken the transaction is declined on the spot.

• 3D Secure 2 - 3DS2 is SecurePay’s solution to help ensure cardholder authentication and protection against fraudulent transactions. It allows the cardholder’s identity to be authenticated by their bank at the time of purchase.

• CAPTCHA forms - A CAPTCHA is a program designed to tell the difference between human and machine input. Having a CAPTCHA form on your website can help protect your business from scammers who might try to make fraudulent purchases on your website.

• Tokenisation - Tokenisation technology replaces credit and debit card numbers with a long string of random numbers. The credit and debit card number is encrypted and stored in an off-site PCI compliant vault that is separate from your data systems. This process makes it more difficult for hackers to gain access to sensitive data outside your tokenisaton system, so it’s a good way to combat the threat of fraudsters.

• Ship goods to a verified address - Shipping to a verified billing address which has passed postal code and street address checks is always the safest option. When using an address that has not been verified, you cannot prove that the order was shipped to the legitimate cardholder if the payment is later disputed.

You can contact us on 1300 786 756 or support@securepay.com.au

Yes, you can simply log in to our Merchant Login and navigate to Accounts receivable -> Take a payment -> Cards, and complete the form. The transaction will be processed straight away. The authorisation result will be returned by the banking network.

Yes, you can refund transactions through SecurePay. Multiple refunds may be performed on a transaction if the total refunded amount does not exceed the total of the original payment. Refunds can be performed through SecurePay's APIs or online from our Merchant Login facility. Merchants can only refund a payment back to the card used for the original payment.

Yes. SecureBatch allows clients to upload a file of transactions via the Merchant Login.

All SecurePay credit card payments return real-time responses from the card-issuing bank or the SecurePay server. Response codes consisting of 2 digits are returned by the card issuing bank. Response codes consisting of 3 digits are returned from the SecurePay server. Details about each response code returned can be found here: Response Code.

SecurePay allows the processing of Visa (credit and debit), MasterCard (credit and debit), American Express, Diners Club, Apple Pay and JCB. PayPal is also available as a payment method for the SecureFrame and Direct Post integration methods.

Yes. Just as anyone travelling overseas can pay for goods and services with their credit card, any cardholder with an appropriate card may make a payment using SecurePay. The transaction is conducted in Australian Dollars and the foreign currency conversion is then handled by Visa or MasterCard.

The login credentials are used to log in to the SecurePay Merchant Login. They consist of a 3 character Merchant ID (MID), a username and a password. The API credentials are used to identify your SecurePay account when sending payment requests from your website to our payment server. Your API credentials will include a 7 character Merchant ID and an API/Transaction Password.

Yes. The SecurePay payment system can be integrated within a website so that the look and feel is retained. Many of our products allow customisation.

You can be notified of system or provider issues by subscribing to our status page here.

SecurePay can provide a daily report file of transactions processed the previous day. This report can be retrieved via the merchant login or emailed.

For SecurePay Gateway customers, settlement of funds is dependent on your merchant bank. Please contact your merchant bank for more information.

For SecurePay Online Payments customers, settlement of funds into your nominated account will be determined by our internal risk assessment policies. If you do not know your settlement profile, please contact the support team on 1300 786 756 Option 2 or email support@securepay.com.au.

To change your SOP settlement account, please contact the SecurePay accounts team on 1300 786 756 Option 3 or email accounts@securepay.com.au.

For change of settlement bank account details, complete parts 1, 5 and 9 of this form and email it to support@securepay.com.au.

If you do not know your Internet Merchant ID and Internet Terminal ID, please contact your merchant bank for those details.

Yes, we have a sandbox environment accessible to the public. Please see public testing account details below.

Test Merchant Login URL: https://test.login.securepay.com.au/v4/

Merchant ID: ABC

Username: test

Password: abc1234!!

Test integration details

Merchant ID: ABC0001

Test Transaction Password: abc123

The SecurePay test environment has been set up to return a response code equivalent to the cent value of a transaction being processed. For example: Processing a payment for $1.00 (or 100 cents) will return a response code "00 Approved". Processing a payment for $1.51 (or 151 cents) will return response code "51 Insufficient Funds".

Yes, however refunds are not debited directly from your account and instead are debited from your next settlement. If you aren't due to receive another settlement (eg. if you have closed your SecurePay account), you will receive a negative balance notification via email with payment advice.

A negative balance occurs if you complete a refund or experience a chargeback. The reason this is referred to as a 'negative balance' is because SecurePay is covering the cost of the refund/chargeback, rather than it being deducted from your bank account.

If your account goes into negative balance, the next settlement will cover that amount then settle as usual. If no future settlement occurs, your account will remain in a negative balance until this is offset by a future settlement or it is manually paid.

If you have been requested to send data via a secure method, then the following is the SecurePay public PGP key to be used when encrypting data that is to be sent to SecurePay.

Some instructions on using the below key for Linux users.

1. Copy the key into a file and save it as something like “SecurePayPublicKey.asc” on your Linux server in a temporary location (e.g. /tmp/securepay)

2. Import the public GPG key:
   gpg --homedir /tmp/securepay --import SecurePayPublicKey.asc

3. Encrypt the data file:
   gpg --trust-model always --yes --no-tty --batch --homedir /tmp/securepay --recipient support@securepay.com.au --encrypt DATAFILE.TXT

GPG should then create a DATAFILE.TXT.gpg file. You can now send this file to SecurePay via the agreed upon method of transfer.

User ID: SecurePay SFTP <gpg@securepay.com.au>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQINBGHqGEYBEADPnEO0idL8li/YJZNHXgZUJVYRQ9fEYcqpPI57K2EM+TW9S6Rs
xpNesWTvbmmv/nzuhcLChBSeDotqaaTWzoOPYQEx74AoG36HTBVH0De4s9pkLtxK
eftPeSTtyAmhKCbcPSSxSjbDFVQcp/YxX9doPSE8+f49cTlZbhyRz6SlEMOb4EMG
fvlJBJOdmI7eDFltKzFz1wcnwa32P7xqzYj6uE+bYEr+mjGfpZqv7IKNQMF9Qz7d
8bXKb95opdoLK6qm+oqJkbCkq0+tBhyk3CfYsTTF5visWUJ4/Qh/w8bln9r5Gj33
31QWkOavMHK0I5BmenJTt/jeBgg4ziI3ahbqQCTSFPH5cXq3W4RxfQ6LsxSVWMcF
e/PO9ssDivuhIkCOoMk8XQsVy8dTazfi0qfWqcctR1BakLFjlMrJFAax1zXLom6r
4h8KFXzL99WrazWPwtY+LThRkVDmjiZ1YFxpqssXAG/baFQdHcKXGzzuESXFSGCV
+nWBreYffjGZa6pcpJhw+y70csV31/5blhQKYx7rvQ9js+XiwiesRhzTc2xQCVOL
exPqsFYS2M7E8w077zn4E5zjeIRi6AYIVO/mJhrP/byA9Im93li/gw0Yf2fn7QUR
6yhVXlj7kFox4GIY3t7Su8HsR0EGmKFOIr7eJssBcnb9z8tqOW3hr7fPgwARAQAB
tCVTZWN1cmVQYXkgU0ZUUCA8Z3BnQHNlY3VyZXBheS5jb20uYXU+iQI5BBMBAgAj
BQJh6hhGAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQ0Y5lOPvrq69V
bxAAkFg+h9zfJI5VUZqLhIMIVOe1oX/GpRQvtk97JosZSM53e3WhAliKrYz/A1Il
jS8ityxEaoz8wk4TvOQW4J3+gM8L16f5c0BldyuSba5GO2T23nC037ZY7EN+VtJF
fOFSu/RGDGOVJ2aL56Owh6M6/mAWvm1OulUFjUvSXuO9SZhvRgwNFCAs+HWj9Z71
NODC1hrusb83MkdIqM3AQKHQHyZTRiB2Htx7EWd407ls5ihu9TGIgNzC8K5vmSwx
IY65XzqFRjxaI0FPRezYEWSZlxb+KQ0zeGkQKYICUkwtLGtVeQw2/f2cbN16czxc
a+jgPw15NMrkN98HDGoR2/k06n4ybmogA2rotarna8ZiEoX4PXkuNS4B6sh7XWeY
oViB4koirhq2nCauSbySgg3gPV2KPQ9ACasYQo/hBqx8aqHSNHIhBK82G3wg1Fyo
5QccbRwKaJBLkblKWGkY0Zurfn63r8M3PptIJzT3XrDgEPe5D3sC2lr3yknL5a8C
tCKtlPI/XA4ldjA9RbQTnm3qz7Jc8eeGF175ejBaJ9hxj8U/7UfYRdYqCA0yYnLu
ufB35GN4NmfHi8mn3nk6Hk/xcTo4hu+vmaS9vVxsohtaW1/gvEspXM6ZlEtBEpX8
++Az2JFaC5rtFjf5GaopioIeQGAgohX5jkln2n7xJvjNOjm5Ag0EYeoYRgEQANOh
vlIXrmIgy9j8ES1z5ExSKp5r56vkZDJgAhRN9ewiOZICV8Mq+V6WtMMcT19KCqLI
xylerdnxcpKYsDt8T3g0tPFpz87Hbvf32nKj3z53mgsW3Rdg7+oG6hm/vklMC1cK
BbHVe70rwuz1jt+JlVsaxldTXzChlZXAERmk7NwXiRaZQKXiHVN2UdDJUsm5qLda
7E7W7qSbofslULy2THZBQgMFi+EMLOQTnnArnZllk/gzjvg4UfuP9I37sRsG8fTf
/m6MhQEyeKopmeFTjq277xPV+ni2IrRi4Z3TnwLE1UcQRCDMGVqAc595NK6tZ4Ez
rixMX1U9rSMxQpu9RT4zWN/h62Mm+mVSKK0okV+mxAtDD8tRahzqDNrAKqZgvGaE
Dmz5fUxE+EuVRk2O904oKU1ajXGumO8He1IhNIBLtfEhx4sY+izWh24yXy1vNb1B
s5Ee5Muv57e0WU1zEbs3YoTZsn3HJrxOxz7bJnrnre5CP81wOQna2qlf6WU13vxb
NmxyjmoJx9F/QJZOmQoBVwZDdZ2vGAZIdXBfVH5wYLMGw9oWrXzfiy2WrA15zM0n
pfkMNo0F9colZvch+YNsTwA6w1R2ELzZbugIGH0MjXlhQmZSCJnFUYjlxJC57FMK
q8vXQ+dzypBGJHApvnZNnEC0qYyMt868HVCLvzHFABEBAAGJAh8EGAECAAkFAmHq
GEYCGwwACgkQ0Y5lOPvrq6/YYQ/9F8LQf9135ohht1hOtxKyOAQ4VK4pYaA4uvPP
wurtyRaTakl+nSDW+Ki4rKXHwx8TAWZbyV6j8q8RTz2AMtATqJzB4aNWfgvnmIHP
Hn23vq6jcEuTWKFiYcvQJykvIbq6RenfKHjwHUN+H3UzWI1KkDQ/XUqXMf/uhJxO
32Bk92rg6nHS7ZoDsmFQepSN3mwhyW+O7UmRDo2kEOPy245ZJ2vxdQjTQyh3qWSC
XAZt1lBz+C7u8qIt6Tw4hC3ItOfJbjpKblKjoEJGx/JFMV+ArbTrfVwlzWCWwTn0
z//x4ximDm/TQGyonvizqU6kBnm92jmHR3YwGK4jP3i9r0XNdDmIjwBPcAcEOAdI
uEPYmzZ059n+MAox7UVfsIj+U791+cUptvc93TpONIFAVuWz6KiepuBmD9Gqb/Fa
M+nAxSpC5N6+u0UGCmU293bfxyXyknIF8loG3VyC4uXgzN499jliPsdYJ+GUvALO
EjAi4pFDR9m5AnV+2+ssbnNYJN5JBfOTLdXFHYhUEywoXGAIfV2eyBxU+1hAbnv5
7Y4E1mhtfJWxFqZYDC2NlH4zuwOg+fXN9XHXAIYKhF7KR4qwncilosBqn7zZVwO6
ZBt70FV1n29UPNMIDEOWpOTVxUsfelbFs7HmzpXxms77NUlfEsbTCiQkWg+UaT3k
pH8HeGA=
=ghhV
-----END PGP PUBLIC KEY BLOCK-----