Frequently Asked Questions

A chargeback is received when a cardholder disputes a transaction with their card issuing bank. A chargeback can occur when the merchant has made an error at the point of sale, for example, an expired card has been used. A chargeback can also occur when the cardholder or the Card Issuing Company ("the Issuer") is disputing the transaction. For example, the card or cardholder were not present at the point of sale and possible fraud may have taken place.

You will be sent an email advising of a Request for Information, including the details you need to supply should you wish to dispute the chargeback. Evidence must be submitted within 10 business days.

A cardholder dispute is when a cardholder contacts their card-issuing bank to dispute a transaction processed on their card. The card-issuing bank then contacts the acquirer of the transaction (NAB) who then contact the Payment Facilitator (Australia Post/SecurePay) to forward each dispute to the customer for notification, investigation and resolution. You will need to provide supporting evidence to prove the cardholder authorised the payment they are disputing.

You have 10 days from receiving the notification to provide supporting evidence. The process ends when either an outcome is reached by the card issuer based on evidence provided, the merchant does not respond, or the 45 day time period lapses.

There are methods you can implement to avoid fraudulent transactions such as:

• SecurePay’s FraudGuard tool - FraudGuard provides you with greater control in detecting fraud. With FraudGuard you can enable a set of transaction rules. If these rules are broken the transaction is declined on the spot.

• 3D Secure 2 - 3DS2 is SecurePay’s solution to help ensure cardholder authentication and protection against fraudulent transactions. It allows the cardholder’s identity to be authenticated by their bank at the time of purchase.

• CAPTCHA forms - A CAPTCHA is a program designed to tell the difference between human and machine input. Having a CAPTCHA form on your website can help protect your business from scammers who might try to make fraudulent purchases on your website.

• Tokenisation - Tokenisation technology replaces credit and debit card numbers with a long string of random numbers. The credit and debit card number is encrypted and stored in an off-site PCI compliant vault that is separate from your data systems. This process makes it more difficult for hackers to gain access to sensitive data outside your tokenisaton system, so it’s a good way to combat the threat of fraudsters.

• Ship goods to a verified address - Shipping to a verified billing address which has passed postal code and street address checks is always the safest option. When using an address that has not been verified, you cannot prove that the order was shipped to the legitimate cardholder if the payment is later disputed.

You can contact us on 1300 786 756 or support@securepay.com.au

Yes, you can simply log in to our Merchant Login and navigate to Accounts receivable -> Take a payment -> Cards, and complete the form. The transaction will be processed straight away. The authorisation result will be returned by the banking network.

Yes, you can refund transactions through SecurePay. Multiple refunds may be performed on a transaction if the total refunded amount does not exceed the total of the original payment. Refunds can be performed through SecurePay's APIs or online from our Merchant Login facility. Merchants can only refund a payment back to the card used for the original payment.

Yes. SecureBatch allows clients to upload a file of transactions via the Merchant Login.

All SecurePay credit card payments return real-time responses from the card-issuing bank or the SecurePay server. Response codes consisting of 2 digits are returned by the card issuing bank. Response codes consisting of 3 digits are returned from the SecurePay server. Details about each response code returned can be found here: Response Code.

SecurePay allows the processing of Visa (credit and debit), MasterCard (credit and debit), American Express, Diners Club, Apple Pay and JCB. PayPal is also available as a payment method for the SecureFrame and Direct Post integration methods.

Yes. Just as anyone travelling overseas can pay for goods and services with their credit card, any cardholder with an appropriate card may make a payment using SecurePay. The transaction is conducted in Australian Dollars and the foreign currency conversion is then handled by Visa or MasterCard.

The login credentials are used to log in to the SecurePay Merchant Login. They consist of a 3 character Merchant ID (MID), a username and a password. The API credentials are used to identify your SecurePay account when sending payment requests from your website to our payment server. Your API credentials will include a 7 character Merchant ID and an API/Transaction Password.

Yes. The SecurePay payment system can be integrated within a website so that the look and feel is retained. Many of our products allow customisation.

You can be notified of system or provider issues by subscribing to our status page here.

SecurePay can provide a daily report file of transactions processed the previous day. This report can be retrieved via the merchant login or emailed.

For SecurePay Gateway customers, settlement of funds is dependent on your merchant bank. Please contact your merchant bank for more information.

For SecurePay Online Payments customers, settlement of funds into your nominated account will be determined by our internal risk assessment policies. If you do not know your settlement profile, please contact the support team on 1300 786 756 Option 2 or email support@securepay.com.au.

To change your SOP settlement account, please contact the SecurePay accounts team on 1300 786 756 Option 3 or email accounts@securepay.com.au.

For change of settlement bank account details, complete parts 1, 5 and 9 of this form and email it to support@securepay.com.au.

If you do not know your Internet Merchant ID and Internet Terminal ID, please contact your merchant bank for those details.

Yes, we have a sandbox environment accessible to the public. Please see public testing account details below.

Test Merchant Login URL: https://test.login.securepay.com.au/v4/

Merchant ID: ABC

Username: test

Password: abc1234!!

Test integration details

Merchant ID: ABC0001

Test Transaction Password: abc123

The SecurePay test environment has been set up to return a response code equivalent to the cent value of a transaction being processed. For example: Processing a payment for $1.00 (or 100 cents) will return a response code "00 Approved". Processing a payment for $1.51 (or 151 cents) will return response code "51 Insufficient Funds".

Yes, however refunds are not debited directly from your account and instead are debited from your next settlement. If you aren't due to receive another settlement (eg. if you have closed your SecurePay account), you will receive a negative balance notification via email with payment advice.

A negative balance occurs if you complete a refund or experience a chargeback. The reason this is referred to as a 'negative balance' is because SecurePay is covering the cost of the refund/chargeback, rather than it being deducted from your bank account.

If your account goes into negative balance, the next settlement will cover that amount then settle as usual. If no future settlement occurs, your account will remain in a negative balance until this is offset by a future settlement or it is manually paid.

If you have been requested to send data via a secure method, then the following is the SecurePay public PGP key to be used when encrypting data that is to be sent to SecurePay.

Some instructions on using the below key for Linux users.

1. Copy the key into a file and save it as something like “SecurePayPublicKey.asc” on your Linux server in a temporary location (e.g. /tmp/securepay)

2. Import the public GPG key:
   gpg --homedir /tmp/securepay --import SecurePayPublicKey.asc

3. Encrypt the data file:
   gpg --trust-model always --yes --no-tty --batch --homedir /tmp/securepay --recipient support@securepay.com.au --encrypt DATAFILE.TXT

GPG should then create a DATAFILE.TXT.gpg file. You can now send this file to SecurePay via the agreed upon method of transfer.

User ID: SecurePay (File Transfer Key) support@securepay.com.au

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQGiBE7e8dQRBAD2PPKW/i4IAjHUEM4UlaOk1IYJ8DxvW6y/d6Eb5qnN+2aoRxak
k04RPQLb/uUpT+q7oFBG5P6dOepGT7YtAxmxERxLGxMXjP4Pwbb4I3DUMr2ukavU
P5y4ZlzwmyNbtJjLG6Luf/k4oOlATEmAIZMmMz4Sc15dV9CL6Qt4LcctAwCg0A89
6duY9hlqOuLDr5EfsXS0dQ0EANCingyV2EWdQOgiH2trfO7AJFxEf8/R0jpxinoD
tQsNqx0/WrsoYCQHO20QxoiLreOV7IY6wyX/HpxmYmtZyjPbR7ScPrpd5RrPEFKl
Rrz6niSoiWXZo80s9OKYLuSEiJ2vP8mQj0axBb0m3L9hsHrl/7QumNQyWJNGZzvJ
DAYmBAC/ITNQ3N1zKPpSXtskW6BvLBPIsdcBfPKCkNbXUDyTMKQclVP9CD1c4hze
qhSorlCcHX6p96tUzDqfvWEGwa+4XiG+jdI+iIHXWRtbjoSa+wYA7qZwDC4nl+Fs
ym+h8pciEtWxsMd0b5lh+dFAcSTczi3rVnBPNmWMq2SmA7gQK7Q4U2VjdXJlUGF5
IChGaWxlIFRyYW5zZmVyIEtleSkgPHN1cHBvcnRAc2VjdXJlcGF5LmNvbS5hdT6I
YAQTEQIAIAUCTt7x1AIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENrR8yJl
1y+8Q8IAnj5wPzYdmG6noMWv7Qk5sDlfV+MyAKCcuU13LfT2+ijz/ErK9EFPFnjx
ebkCDQRO3vHXEAgAiYG1/SRG1qsfMhQTxsR4jlBslX918K7PkymOeEq6tXU4TM4o
8beV6USUb2Q2DHxTQr4ClJrTq5L6bNtZ3oQrgJlv34dwUCkLuOHwPdIJFE0tHE/Y
XPgaVfmZ6U2ZWETNoSHa5MC2dxbUoYv/pD3DjdR6wNrcL1fCn0MwkU5GvCGX0T8z
5YErJqCCTeoxYDUKaPz+yXmqUZkdKYwyejgvhtwUkCX1xT/8swBjjaSHY0qjdbaM
OAlqVR7KlYIUwPCyitvaobsfANbIHq5pij4NSrCnVA74VfVLfLW/ofAj2CqzH7lP
tqr/uJQCsr78Q5Hu46062CvEy/PkOO0WxipPtwADBQf/Xo4cfjARpLWgO7dT6noH
uds0cf7dA4uHYi1oP0P0KGSSyKNoJp0EyEYAaIMrvsUkCmp/4LnjSBtUzObRKUli
5UOh3ZIvIa+XeHo7K92MJ4IL3Ofm77j3PKYWFAYHb0zbHveHVjhKImSAA6Ys46hi
h1LSdKVEr0cTEt2Hl579LgiL/Bunvk+gd8uxCgaJLXTAbeKCIYJgF+l493W7qFj3
XNY5YKsVtYSfP06q3B9vTb2ckbqO5m1cItlrxb2qyb7ydMW82l4NO2y2iI3+IER+
9NASZ21EvZnFdvIhbUs2GINKU+Q63xEbjcL7OTYlHnB1vnkqbt0ra0aHI0C+tVDU
9YhJBBgRAgAJBQJO3vHXAhsMAAoJENrR8yJl1y+8iZoAoMKK6ADY7NxVA1hzOR5n
SDWNQ8+WAJ92MdO3VzAJqarOYJiX0OA5DJppSw==
=m10w
-----END PGP PUBLIC KEY BLOCK-----