How to set up auto payments?
Cartell’s new auto top up feature can be activated by simply ticking the enable auto top up box the next time you add credit to your account as highlighted below:
Ticking the box provides permission to Cartell to top up your credit by €200 every time your remaining balance drops to €50 or less. This will ensure you never run out of credit and will mean you won’t have to contact Cartell every time you run out of credit.
Many of our customers have requested this feature to facilitate a more convenient topping up process. If you have any questions on activating the auto top up feature or have any suggestions or feedback on it, then please let us know.
How to cancel?
If you have activated the auto top up option and subsequently decide you don’t want to use it then it is as simple as getting in touch with us via email or telephone to let us know you no longer wish to use the feature, and we will disable it.
What if my card details change?
Saved payment method details can continue to work even if the physical card has been replaced by the issuing bank. Our payment processor Stripe works with card networks and automatically attempts to update saved card details whenever a customer receives a new card (e.g., replacing an expired card or one that was reported lost or stolen). This allows your customers to continue using your service without interruption and reduces the need for you to collect new card details whenever a card is replaced.
However if you are unsure if your new or replaced card will be able to auto top up successfully then simply get in touch and we’ll add the new card for you.
Are my card details safe?
In addition to offering their own security guide for integrations, Stripe uses strong encryption, fraud protection, and PCI compliance controls to help maximise security and safety while transacting online.
Stripe encryption
Stripe encryption provides peace of mind for merchants and customers alike. It secures both payment information in transit and stored payment information.
On the web, Stripe forces the HTTPS connection for all services using TLS (transport layer security), also known as SSL (secure sockets layer). That means anything sent to or from Stripe is encrypted, including the Stripe public website and the Dashboard.
When you’re using Stripe.js, you can only access it over TLS. Additionally, all of Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection. That helps secure customer information, including sensitive payment data, while it’s in transit.
Encrypted stored data
Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs on separate machines from Stripe’s primary services, such as the API and website.
Any stored card number is encrypted with AES-256 (Advanced Encryption Standard), which is the industry standard for security data. The keys to decrypt the card numbers are stored separately, and none of Stripe’s internal servers can access the plain-text card numbers. Servers can only request that cards be sent to an already whitelisted provider.
In addition, Stripe encryption extends to communications. Stripe uses two PGP keys to encrypt messaging and verify signed messages. When you securely contact Stripe, you use the general PGP key; when you send sensitive data like credit card information as part of a data import, you use the data migration PGP key.
Stripe encryption doesn’t stop there. They regularly audit their security measures, including the certificates they serve, the certificate authorities they use, and the ciphers they support. Stripe uses HSTS to make sure browsers are only accessing Stripe with HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
Stripe fraud prevention
Radar is Stripe’s fraud protection mechanism. It uses machine learning to detect and block fraudulent transactions, and it’s built right into Stripe. Radar trains on data from millions of global companies, allowing its machine learning algorithms to become smarter and better at detecting new kinds of fraud.
Radar is customized for modern internet transactions. The old ways of fraud protection were never meant for online transactions, but Radar was built specifically for them and helps prevent unnecessarily declined transactions and lost revenue.
Stripe fraud prevention also includes the use of 3D Secure, which is also known by its brand names (Visa Secure, Mastercard Identity Check, or American Express SafeKey). Stripe is supporting 3D Secure 2.0, which introduces “frictionless authentication” and provides a better purchasing experience than 3D Secure 1.0.
3D Secure 2.0 is the main card authentication method used to meet the upcoming SCA (strong customer authentication) requirements for PSD2 in the EU and a key way for businesses to request exemptions to SCA. 3D Secure 2.0 was designed for smartphone use and requires less customer back and forth — but still provides a very secure way to authenticate purchases.
Stripe supports 3D Secure 2.0 on their new payment APIs, mobile SDKs, and on the new version of Checkout.
Stripe PCI compliance
PCI compliance is a complex, challenging standard. If you handle any kind of credit card data, you need to be able to prove that you comply with PCI DSS (data security standard).
PCI DSS sets a baseline level of protection for consumers and helps reduce fraud and data breaches across the entire payment ecosystem. It’s applicable to any organization that accepts or processes payment cards.
PCI DSS compliance involves three main things:
- Making sure that sensitive credit card details are collected and transmitted securely
- Storing that data securely, which includes encryption, continuous monitoring, and testing the security of access to the card data
- Annually validating the security controls in place, which can require forms, questionnaires, external scanning services, and third-party audits
Stripe has been audited by a PCI-certified auditor and is certified PCI Service Provider Level 1, the highest level of certification that can be achieved in the payments industry.