PayGate founder and managing director Peter Harvey says that business is good “and November is on target for being our best month of trading in our history,” despite reporting a systems breach in August which exposed the details of a number of credit cards.
PayGate is an intermediary between online retailers and banks in online shopping transactions.
On Friday (9 November) the Payments Association of SA (Pasa) announced that private credit card and banking details were leaked during a breach at a company which processes online transactions.
Pasa CEO Walter Volker confirmed on Monday (12 November) that the company in question was PayGate, but added that there was no need for undue concern by cardholders.
Harvey said that PayGate reported the attack on its systems immediately to the banks, card associations and law enforcement in August.
While it is unclear how many people may have been affected by the breach, Harvey said that card associations and banks had been proactively monitoring credit cards that may have been exposed during the period of the attack.
“Banks have been contacting cardholders directly where necessary. They have been dealing with it with their customers. We have not been involved in this process.”
The MD stressed that PayGate did not store any personal details like addresses or ID numbers.
“We do store email addresses so customers should be vigilant when it comes to phishing mails. We encourage card holders to check their monthly statements carefully, as a matter of habit, and report any suspicious transactions to their bank immediately. SMS transaction notification is a good mitigation tool too,” he said.
According to Harvey, PayGate has made a number of changes to make sure its systems are more secure going forward.
“Communication between merchant websites and ours has been locked down. We have increased merchant password access complexity and security, and made a number of changes to our server infrastructure under the guidance of international forensic and PCI approved data security experts.”
“We are grateful to our merchants for their cooperation and understanding during our introduction of system and security upgrades,” he said.
Harvey said he could not divulge the method(s) of attack at this stage, as the matter is still under investigation.
“When matters are concluded we would like to share our knowledge of the breach techniques used on us. We believe this shouldn’t be viewed as a competitive advantage among merchants and payment service providers, but rather as a way to improve the security of payments systems and the industry as a whole,” he said.
When asked if the attack had potentially tarnished the group’s image, Harvey noted that PayGate had a very close personal relationship with its merchants.
“They have been understanding and feedback from them has been heartwarming. Things like this happen to high profile businesses in our industry worldwide. We were lucky to catch it early. As a result of our security upgrades and with help from international security experts, we are now more secure than ever before.”
“We shielded our merchants as much as possible so they were largely unaffected. It was quite a shock for us when it happened in August, but over the past three months we have made some major advancements as a result of the experience.”
“We are keeping a list of learnings which we would be happy to share with the industry over time. Business is good and November is on target for being our best month of trading in our history. PayGate has been serving the e-commerce market reliably as a trusted service provider for more than twelve years, and we intend to continue to do so,” Harvey said.