Quickstream Test Cards

[Christina Smith]

Maliciousthird parties may try to use your website to determine if stolen card details are valid. They try many small payments using different card numbers and expiry dates. The approved cards are then used to defraud another merchant for a larger amount. This is called "card testing".

Privacy Statement (for individuals whose personal information may be collected - in this clause referred to as "you"). All personal information we collect about you is collected, used and disclosed by us in accordance with our Privacy Statement which is available at Privacy Statement or by calling us through your relationship manager or Westpac representative. Our Privacy Statement also provides information about how you can access and correct your personal information and make a complaint. You do not have to provide us with any personal information but, if you don't, we may not be able to process an application or a request for a product or service.

Information on this website has been prepared without taking into account your objectives, financial situation or needs. Before acting on the advice, consider its appropriateness. You should also consider the terms and conditions applicable to the product. The terms and conditions are relevant when deciding whether to acquire or hold a product. Contact your Westpac representative should you need to obtain a copy of the terms and conditions applicable to the product. Unless otherwise specified, the products and services described on this website are available only in Australia from Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit license 233714.

When I try to change the country in Account settings, Google asks for that country's payment method (Credit card). I don't have access to Vietnamese test cards and the ones from card generator don't work (obviously). Any ideas on how I can skip adding a payment method? The account is used only for Sandbox testing purposes.

Fraud Guard helps detect and block fraud for your business. Fraud Guard performs checks on Internet transactions and suspends those it deems suspicious. It's built into QuickStream and integrated into the REST API and QuickWeb payments flow. You can start using Fraud Guard without any extra development time.

Fraud Guard provides a set of default rules and thresholds when you first turn it on. QuickStream lists the rules in the order they run. Depending on your business needs you may want to configure these thresholds and change which rules are toggled on.

Fraud Guard allows you to adjust the default thresholds and active rules for which payments are suspended in your Facility Settings -> Manage Fraud Guard. Changing these settings will automatically apply the activated rules and thresholds at which payments are suspended, so that everything stays in sync.

Activating rules and setting the thresholds at which you suspend payments requires you to consider a tradeoff between how much fraud is suspended and how many payments are allowed. As you change the Fraud Guard settings you may:

To test the impact of changing your rules you can set Fraud Guard to run in Passive mode. Fraud Guard can operate in an Active mode where transactions are suspended, or a Passive mode where unusual transactions are processed normally but the Fraud Guard processing result is recorded for later reporting.

In Production, you may set the Fraud Guard mode to Passive before switching to Active mode. Export your transactions periodically to test how your rules are performing before making changes in Active mode.

Fraud Guard allows you to create your own lists of information that can be used to suspend matching payments. Lists can be easier to manage as you learn more about how your customers are making payments. For example, you may have payers that are travelling in common countries but their cards should be issued from the countries you do business.

Any business-level configuration will override the facility-level configuration for that business. When you view the rules for that business, QuickStream displays difference between each rule at the business and facility levels.

Online payments fraud involves someone obtaining someone else's card number and then using it to make unauthorised payments. Eventually, the real cardholder will discover the transaction and initiate a chargeback with their bank. When tuning your Fraud Guard rules, keep costs in mind:

Human reviews can add an additional layer to your fraud prevention strategy. These reviews provide additional insight and control. They may also be a burden for operational resources or become hard to manage in peak times. Using the QuickStream REST API you can request:

QuickVault Batch registration is a file based solution that allows you to preregister customer account details with Westpac. These account details can then be used by any of your Westpac payment solutions.

This document describes the QuickVault solution and explains how to register accounts using the batch registration method. High level requirements as well as detailed step-by-step instructions are included to help with the implementation process.

QuickVault is a Westpac service that allows you to store a customer's card details or bank account details securely outside of your system. This process is commonly referred to as preregistering customer account details with Westpac.

The primary purpose of QuickVault is to help your card solution become PCI DSS compliant. The term PCI DSS stands for Payment Card Industry Data Security Standard. It is a security standard that has a number of requirements for processing, transmitting and storing card details. QuickVault has attained Level 1 PCI DSS compliance - the highest level achievable. To learn more about PCI DSS visit _standards/pci_dss.shtml.

To register account details, your system will provide a Registration Request File to QuickVault. This file contains details about every card or bank account you wish to register. QuickVault will process the file and store the account details. Once all the accounts have been processed a Registration Response File will be provided to your system. This file will contain a summary of all the registration attempts. You will then process this file and remove the customers' account details from your system.

Migrating existing accounts is necessary if you currently have customer account details stored in your system. The purpose of account migration is to move these account details out of your system and into QuickVault. This is a once off process that is performed before any new accounts are registered.

Batch registration is the quickest and most efficient way to migrate accounts. It allows you to migrate all of your accounts using just one file. The diagram below shows the high level steps involved. These steps take approximately 3-5 minutes to complete for a standard file containing 10,000 accounts.

Once all the accounts have been processed QuickVault sends a Registration Response File to your system. This file lists each account and states whether or not it was successfully registered. It also includes the unique token registered against each account.

New accounts are not usually registered via batch registration. In fact we generally recommend against using this solution for new accounts, mainly because it requires account details to be stored in your system before being sent to QuickVault. This increases your system's exposure to card details and makes it more difficult to become PCI DSS compliant.

There are a number of other solutions that are more suitable for registering new accounts. These solutions are described in the QuickVault Summary Guide. If however your system is structured in a way that requires you to use batch registration for new accounts please talk to your implementation manager.

There are a number of tasks involved in the implementation process. Each task is described in detail in the following sections of this document. A summary of the tasks and their corresponding section is listed in the table below.

To help with the implementation process, we have included a requirements checklist for you to complete as you work on each task. The purpose of the requirements checklist is to help identify and keep track of your requirements.

The kick-off meeting is the first meeting between your organisation and Qvalent. This typically consists of a telephone conference with the relevant people from your organisation, Westpac and Qvalent.

One of the first tasks in the implementation process is to identify what type of account model you have. The account model identifies the number of accounts a customer is allowed to have. There are two options available. You can choose either:

The single account model allows a customer to have one account registered. This account will be used every time the customer makes a payment. The account details can be replaced, but there can never be more than one account active.

In order for your solution to use the single account model all of your customers must be structured this way. If any of your customers have more than one active account you must use the multiple account model instead.

For example, a customer may have two policies - policy1 and policy2. The customer may wish to pay for policy1 with a Visa card then pay for policy2 with an Amex card. Using the multiple account model you can register both cards in QuickVault. Then later, when it is time to make a payment, the appropriate card can be used.

A token is a unique identifier for a particular account. It is a shared identifier, meaning your system and QuickVault will both agree to use this value when referring to the account. At the time of registration QuickVault will store the token alongside the account details. Then at the time of payment your system will provide this token to your Westpac payment solution so it can lookup the corresponding account details.

A QuickVault generated token is a value that is created by QuickVault at the time of registration. It uniquely identifies a particular account. We recommend using this type of token rather than a client generated token if:

3a8082e126