Credit Card Security
Online fraud has become an issue of great concern to many people as incidents of lost or stolen credit card numbers become known. CNIB customers may ask you what we have done to minimize the risk involved in e-commerce.
During the payment process, all transmissions between the customer’s computer and the web store are encrypted. As soon as the customer selects the “Checkout” button, all communications are encoded in such a way that only the two computers involved in the transaction can decrypt the messages. CNIB uses digital certificates from Verisign, a leading vendor of e-commerce security products.
The customer’s credit card must, however, be sent for validation to the payment gateway’s computers. This transaction is also sent using secure, encrypted communications.
Moreover, CNIB does not store customer credit card data on the web store systems. Many e-commerce sites store their customers’ credit cards on their computers. This is because the credit card can only be charged once the item is ready to be shipped to the customer and re-authorization may be necessary.
However, E-xact Transactions Ltd., the company that provides the payment gateway for CNIB credit card payments, allows the use of “tagged” transactions in which a transaction number is stored on our computers rather than the customer’s credit card data. The payment gateway keeps the credit card data under secure storage, linked to the transaction number. When the order is ready to be shipped, CNIB sends the transaction number to E-xact, which manages the transfer of money from customer’s credit card account to our bank.
