Payment processing is a service that allows websites to sell online by accepting payment via electronic methods such as credit cards, debit cards and bank transfers.
Provided by payment service providers, payment processing is the technical connection or 'gateway' between a website and the financial institutions or 'acquirers' that govern different payment methods. To put it simply, without a payment service provider you won't get paid.
A merchant account is a type of bank account that allows you to offer and receive the transaction funds from certain payment methods. Merchant accounts are provided by various banks and financial institutions – known as acquirers.
A merchant account enables you to authorize and accept certain payment methods before you can start distance selling. If you want to add more payment methods to increase conversion, you usually need to open additional merchant accounts with other acquirers. We can advise you on this and introduce you to the right acquirers for your business.
The Back Office is the secure website where you manage your PostFinance account. Once you have logged in, you can check and edit your administrative details, manage your payments, change your technical settings and much more. To log in, you simply need your payment service provider ID (PSPID) and your password.
A User ID identifies the specific user of an account.
If your account has more than one user, you log in by filling in your USERID, your payment service provider ID (PSPID), if needed, and your password. Please make sure you click on the 'Log in as user' link so that all three fields are displayed.
If your account only has one user, you will not need a USERID. You will log in using only your PSPID and password, so please make sure your login screen only displays two fields. If you can see three fields, click on the 'Log in as PSPID' link on the bottom left of the screen to log in as a merchant.
For a DirectLink or Batch integration, the parameter USERID corresponds to the API user set up on your PSPID. Please note that the API user is not able to log in to the PostFinance Back Office.
An acquirer is a financial institution that processes payments from certain credit and debit cards. The acquirer is responsible for the financial part of transaction processing and PostFinance is responsible for the technical part. In other words, without an acquirer the money will not be transferred to your bank account.
For every online payment method you want to add, you need an acceptance contract with an acquirer. If you’d like advice on which acquirer would be best suited for you and your region, please contact your sales contact.
PayPal Seller Protection is a way to make accepting payments through PayPal even more secure and hassle-free. It safeguards your business against losses from charge backs and payment reversals, so that you can:
- Spend less time dealing with claims of items not received
- Protect yourself from losing money to payments made with stolen credit cards
To qualify for the Seller Protection guarantee, all you need to do is ensure your PayPal transactions include the following shipping details:
- First name
- Last name
- Post code
- Country code
- Whenever a buyer makes a claim, chargeback or payment reversal, you simply provide PayPal with proof of delivery or proof of shipment and they will release any held funds.
Phishing is a derivative of the word "fishing". The replacement of the 'f' by 'ph' is probably based on an abbreviation of the expression "password harvesting fishing".
Phishing operators use e-mails, hypertext links and Internet pages to redirect you to fake websites where you will be asked to disclose confidential data such as your bank account details or credit card number. A malicious e-mail generally asks you to confirm your password, bank details, account numbers, credit card details or other similar data by clicking on a link contained in the message. This link then directs you to a fake page with an address that is almost identical to that of the original site.
- Be careful with e-mails.
- It is very easy to fake a sender's address: the author of the e-mail you receive is not necessarily the service provider you believe it to be.
- Do not reply to e-mails asking you to enter personal data. Service providers such as PostFinance, banks, credit card issuers, etc. will never ask you to disclose your password, credit card number or other personal information by e-mail.
- Enter links manually. Do not click on any links contained in suspicious messages: enter the URL address manually (for example, the address of your bank, the PostFinance platform) or look for it in your Favourites. Links contained in fraudulent e-mails can direct you to fake websites. The differences in the URL addresses are often very difficult to spot. The appearance of the site can also be deceptive.
- Check the encryption of Web pages. Before entering any of your personal details in a website, check that the site encrypts personal data by looking for https ("s" for secure) in the Web address and a closed padlock or non-broken key icon in your browser. Unfortunately, the padlock icon (and the key) can be forged on certain systems. Check that you are actually on the site you think you are on by double-clicking on the padlock icon to display the site's certificate. Make sure that the name on the certificate and the name in the address bar are the same. If the names are different, you could be on a fake site.
- Check your bank and credit card statements regularly.
- Upgrade your computer's security: Enable an anti-phishing filter to identify fraudulent sites before you visit them. Some browsers (e.g. Internet Explorer) have this kind of filter. Otherwise, you can install it as a toolbar. Regularly apply the latest security fixes for your operating system and the software installed on your computer. Install a firewall. Install anti-virus software and keep it up to date.
What should you do if you become a victim of phishing?
If you think you have received a phishing e-mail, proceed as follows:
- IMMEDIATELY change the passwords and/or PIN codes for the online account with the company whose identity has been usurped.
- SEND the fraudulent message to the company in question. It will generally have a special e-mail address to notify any such attacks.
- NOTIFY the phishing attempt to the relevant authorities (local police, Internet Fraud Complaint Center, Anti-phishing working group).
- RETAIN all PROOF of the fraud. In particular, in the event of a phishing attempt using an e-mail, do not delete the e-mail, since it contains, hidden in the header, the information required to trace the source of the attempt.
PostFinance and communications:
- PostFinance will never ask you to disclose your personal financial data or other personal information (password, credit card number, bank account number, etc.) by email.
- PostFinance will never request any merchant to perform a payment operation (please note, however, that in some specific cases when you have reached out to us for an ongoing transaction issue, we can ask you to perform again the failed operation).
- PostFinance will never disclose by e-mail any full credit card number.
Payment Confirmation e-mails sent by the PostFinance platform will never contain any attachment.
For further information: