PayFast is committed to keeping you, your customers and all sensitive information secure. We have a multitude of automated and manual checks in place to protect both buyers and sellers from fraudulent transactions. Online retail has a fraud rate between 1 and 2% of all transactions. Through effective controls, PayFast’s is currently below 0,2% and still going down.
PCI-DSS Level 1 Compliant
We use Extended Validation SSL with 2048-bit encryption. Only two of the four major South African banks use this –the highest– level of encryption currently available.
All sensitive info is encrypted within our own database.
We run penetration testing on our system on a weekly basis to look for vulnerabilities. We are only required to do it once every three months, but we run it every week.
Our entire site, blog, payments page and help site all are served off secure servers, making it harder to perpetrate phishing attacks.
3D Secure is in place for all credit card transactions.
Two-factor authentication is available to restrict access to your PayFast account.
We use GEO IP tracking to see where transactions are originating from and look for mismatches between this and the card’s issuing country.
Our system automatically checks for suspicious payment velocity.
We use BIN/IIN validation to check for card-issuing bank locations and merchants can choose to enable/disable payments from certain countries.
Payments and card details are automatically checked against large online databases of blacklisted details.
All suspicious transactions are manually reviewed by our stellar Support Team.