21 YEARS OF TRUSTED PAYMENT SERVICE DELIVERY
Black Diamond Online is at the forefront of security. Providing you as the
customer the most secure possible payment systems.
Below are the body's, councils and systems that we are registered to.
Virtual Card Services was established in 1996 to offer a solution to the mail order market that found conventional methods of securing large volumes of credit card payment cumbersome and costly.
With more than 50 years’ collective experience in developing and implementing credit, debit and smart card processing systems for a major card issuer in South Africa, VCS was quick to identify the niche presented in providing a solution that exactly meets these needs.
The ‘Virtual Vendor’ system, which was developed out of this need, interacts with a bank’s existing legacy systems, while meeting the vendor’s demand for an automated, electronic transaction system. The business rapidly grew from this point by expanding the scope of services to all organisations requiring automated, high volume and secure credit card payment processing.
The company’s client list today boasts a cross-section of businesses that have realized the benefits of automating their credit card transactions.
For more info on our Payment Gateway CLICK HERE
Is a new method of security mandated by the Card Associations to enhance the security of online transactions. Mastercard’s product is called “SecureCode” and Visa’s product is called “Verified by Visa”.
The 3D-Secure refers to three domains involved in the security, they are:
- the Acquiring or Merchant’s bank
- the Card Association’s financial networks ie Mastercard and Visa
- the Issuing or Cardholder’s bank.
Very simply the system authenticates the cardholder before the transaction takes place by diverting the browser to the bank that issued the card, who then request some secret, perhaps a pin, from their cardholder that will conclusively prove that this actually is the cardholder entitled to use this card. Once they are satisfied that this is their cardholder they issue an authentication receipt which is then presented to the merchants bank along with the authorization request. If the transaction is then approved by the issuing bank they may not charge the transaction back to the merchant because the cardholder disputes the transaction as not being originated by them.
Virtual Card Services is compliant and in fact was the first South African payment gateway to be certified by both Mastercard and Visa for 3D-Secure transactions through First National Bank, Standard Bank and ABSA.
PCI Security Standards Council
Black Diamond Belongs to the PCI Council. The PCI Security Standards Council is a global open body formed to develop, enhance, disseminate and assist with the understanding of security standards for payment account security. For more info: https://www.pcisecuritystandards.org/
About Thawte SSL
Founded by Mark Shuttleworth in South Africa, Thawte was the first certificate authority to issue SSL certificates to public entities outside of the United States, quickly accounting for 40% of the global SSL market. In 2000, Thawte was acquired by Symantec and has become a key member of the Symantec family of trust brands. To date, Thawte has issued more than 945,000 SSL and code signing certificates since 1995, protecting identities and transactions in over 240 countries.
A World-Class Company:
Our history gives us a uniquely international view of business - one that reflects a truly global perspective. This orientation drives us to provide our services at a standard we can proudly say is world class. We offer expert support by phone, chat, and email throughout the global workday. Our Thawte® Trusted Site Seal, available in 18 languages, helps users verify the identity of web sites in their own language. In 2004, Thawte became the first certificate authority to recognize and secure Internationalized Domain Names (IDNs), enabling more people to navigate the web securely in their own language.
Our Core Business
Thawte-branded certificates benefit from the strength and reliability of the Symantec authentication infrastructure. Because SSL is our core business, we constantly improve our products to deliver the tools and features our customers want and need. Continuous investment in research and development keeps our practice standard among the highest in the industry and helps us stay well ahead of evolving security risks. Our data centers and disaster recovery sites provide unsurpassed customer data protection.
As a leading global certificate authority, Thawte provides online security trusted by millions around the world. Expert support, robust authentication practices, and easy online management make Thawte the best value for SSL certificates and code signing certificates. For more info: https://www.thawte.com/
General Security Information - what VCS is required to do?
As a payment gateway Virtual Card Services does not and cannot verify, authorise or settle any transaction. Virtual Card Services provides the conduit (the messenger) for information between the merchant and the merchant’s bank. Virtual Card Services performs the exact same functions the ‘speedpoint/swipe device’ does in a retail environment. VCS is the speedpoint/swipe device for the online transactions.
Virtual Card Services has limitations or restrictions and it is the banks responsibility to approve or decline the transactions VCS passes to them.
Information security is critical to our business. VCS protects the security of information during transmission by using 128 bit Secure Socket Layer (SSL) encryption. The VCS servers are certified by Thawte, a public Certificate Authority, ensuring the cardholder and the merchant that nobody can impersonate VCS to obtain confidential information. The number of employees involved in the management of the VCS data centre that have physical access to the production servers is limited. VCS uses firewalls and other security technology to prevent access by unauthorised persons and against disclosure, alteration or destruction. VCS continually reviews and enhances its security systems in line with technological changes.
The merchant is never permitted access to the cardholder’s card details held on the VCS system. Even so it is extremely important that merchants protect against unauthorised access to their Virtual Terminal login ID and password. The merchant can assign different security access levels to his terminal users. Virtual Terminal’s Personal Authentication Message is a security feature that confirms to the terminal user that he’s connected to the real Virtual Terminal. Additional security features to prevent parameters from being modified and security alerts to block fraudsters are available to the merchant at no extra cost i.e. the MD5 hash feature.
Using the “Virtual Terminal” security alert configuration, merchants using the VCS secure payment page can block persistent attacks by particular fraudsters. The merchant can select from a range of security alerts and apply them to their payment facility. Users with access to more than one terminal can Copy Alerts from one terminal to another.
An additional security measure is for merchants to opt for payments from local cards only thus blocking foreign card transactions. The bulk of fraud attempts stems from foreign cards.
MasterCard/Visa International - 3DSecure
3DSecure is a security protocol implemented by MasterCard/Visa International. The principle behind 3D Secure is that the system should authenticate the cardholder and therefore their eligibility to use a card, before processing a transaction – if successful, there is a liability shift away from the merchant and their bank to the cardholder and their bank. Thus protecting the merchant against fraudsters.
3DSecure is a bank requirement for all eCommerce merchants and the bank registers the merchants with MasterCard/Visa International. 3DSecure is only active for card issued by MasterCard and Visa members. There are exclusions eg: business cards and private label cards. We have no indication as to when Amex and Diners will come on board.
Bank Security Information (what the bank will do)
The bank carries out their own security checks on transactions presented for authorisation and settlement. These include checks for lost cards, stolen cards, attempted fraud, hot cards etc. The verification, authorisation and settlement is handled between the merchants bank and the cardholders bank (and not by VCS).
Merchant responsibility (what the merchant must do)
The merchant has certain responsibilities, these include their own security checks. When delivering to ensure that the recipient actually resides at the delivery address for follow up in case of fraud, who will sign for the delivery and to check that the actual credit card used is in their possession. The merchant should also familiarise themselves with the Terms & Conditions under which they acquired a merchant facility from their bank. These are normal Card processing rules and requirements and are not dependant on the method of processing. The method of processing refers to speedpoint/swipe device or VCS.
We value our customers and we as Black Diamond are here to conduct business in a secure and professional manner. Feel free to send us a message if you have nay further questions.
If you have any questions please contact us:
► Cell: +264 85 646 8423 (Namibia)
► Landline: +264 63 233 668
► WhatsApp Us: +264 85 646 8423
► Email: email@example.com