Payment security and anti-fraud system

Secure payments

  • Filtering of transactions carried out using payment cards: automatic checking of bank cards.

- Blocking and logging of cards considered as « fraudulent »
- Verification of the card security code, and request for confirmation sent to banks.
- Communication of lists of fraudulent cards to the CTIF (Belgian Financial Intelligence Processing Unit).
- Systematic application of the 3DS protocol put in place by Visa and MasterCard for all transactions when applicable by the issuer banks.

  • Guarantee that transactions will not be denied: all payment carried out via a HiPay wallet account guarantees non repudiation, the issuer cannot deny being the author of the transaction in question.
  • Monitoring and storage of data: all transactions carried out using HiPay wallet are saved and stored in our database for a period of 4 years plus the current year. This service enables the traces of a transaction to be retrieved if a dispute arises.

Confidentiality of data

  • Exacting identification protocols: temporary password to be changed when connecting for the first time (when first signing up or in the event of forgetting a password).
  • Regular checks run by the Verification team.
  • Purchasers: no personal data is sent to merchant sites without prior authorization. Anonymity respected.
  • Any modification of personal data is done via e-mail with verification of identity.

Anti-piracy system

  • Identification using a virtual keyboard: Reinforced access security.
  • Automatic session expiry: after 30 minutes of inactivity, re-identification required.
  • In the case of unusual activity: block the account and trigger an investigation procedure.
  • Anti-phishing protection: a anti-phishing key needed during registration allows to check that HiPay wallet is the sender. Possible to be changed any moment.

Always check

  • The contact source: all e-mails sent by the HiPay wallet Customer Support originate from no-reply@hipay.com. That said, it is always a good idea to check to make sure that the anti-phishing key is contained in the e-mail.
  • The anti-phishing key: This information, which is required when signing up, must be given in each written electronic exchange. This key is also used to check the identity of our customer care officers during phone conversations made by HiPay wallet. The anti-phishing key can be changed in “Personal details” and “General Information”.
  • Site address any link to the HiPay wallet will have the domain name:https://www.hipay.com/….
  • Site security: when paying for a purchase made on a site using HiPay wallet as a means of payment, the pop-up navigation bar must indicate https://www.hipay.com/…, and must inform the user that it is a secure page.
  • Disconnection after use: always log out after exiting the account.
  • Updating browsers: Up-to-date browsers: the best-known browsers such as Firefox© or Internet Explorer© have filters to detect phishing sites. For maximum security, HiPay wallet recommends regular updating. Please signal any suspicious content via e-mail abuse@hipay.comor contact@hipay.com.

Security principles

  • Never divulge your password by e-mail or telephone.
  • HiPay wallet will never send an e-mail requesting that personal data be updated. Should you receive such an email, do not reply and inform HiPay wallet.
  • You can make sure you are actually speaking with approved HiPay wallet personnel on the phone by asking for the personal anti-phishing key.