What are the benefits of using PesoPay e-Commerce payment services?

  • Simple and Easy: A simple application opens up the door to a one-stop payment gateway and merchant account service. Implementation effort is minimal with no extra hardware or software required.

  • Flexible: Merchants can accept Visa, MasterCard, American Express, and JCB credit cards, BancNet debit cards, Globe GCash and Smart Money for mobile, and China payments.

  • Secure: Advanced security measures are present to help merchants minimize risks and fraud to best safeguard merchants from financial losses due to fraud.

  • Cost-efficient: We offer online payment services with competitive set-up costs, annual fees and transaction commission rates.

  • Partnership Opportunities: Merchants may capitalize on the e-commerce ready customer base of PesoPay Direct members to grow their businesses.

  • Value-added Services: PesoPay's unique features, such as Scheduled Pay for recurring payments to enhance your e-business.

Who can apply for PesoPay e-Commerce payment services?
We accept applications from any businesses, organizations and charitable bodies that are registered in the Philippines.

My company is not a corporation. May I still join?
Yes, we serve sole proprietors and partnerships as well as registered non-profit-making organizations. Other business set-ups are also welcome as long as they have the proper business registrations.

My company operates more than one e-commerce site. Do I have to apply for multiple merchant accounts?
Yes, each website can only use ONE PesoPay e-Commerce payment service merchant account. Merchants should apply for a different account for each of the sites they operate.

What should I do to become a PesoPay e-Commerce merchant?
You may call our Sales Hotline at (+632) 887 0088, 887 0088 or email us at sales@pesopay.com for enquiries.

What documents are required in order to apply for your payment acceptance services?
Applicants of our services should submit the completed Application Form together with documents (if applicable) including but not limited to:

  • Company identity: Philippine Business Registration Certificate or non-profit organization registration document, Certificate of Incorporation, Articles & By laws, Business Permit, BIR Certificate, Tax Exemption Certificate for NGO’s, Latest Financial Statement and Travel Certificates for Travel Agencies;
  • Others: Business Write-up, Secretary Certificate for Corporation and Valid ID of signatories for signature specimen

How long does it take to have my service application approved?
For Credit Card, it normally takes about 15-20 working days for an application to be approved, depending on the nature of the business and background, provided that the applicant has submitted all the necessary information and documents.
For Debit Card, it only takes 5-10 working days for an application to be approved.

How long does it take to implement your services?
Normally, it takes about 2-5 working days to complete the implementation, given that the merchant’s website meets our technical requirements. The extent of work largely depends on the complexity of your online application.

What are the e-commerce payment acceptance services provided by PesoPay?

  • Credit Card – Visa, MasterCard, Amex & JCB
  • Debit Card - BancNet
  • Mobile – Globe GCash and Smart Money
  • China Payments – China UnionPay, Alipay & 99Bill

How does PesoPay e-Commerce payment acceptance services work?
Click here to view our service demonstration.

What kind of payment methods can PesoPay e-commerce merchants accept?
PesoPay merchants may accept worldwide credit cards (Visa, MasterCard, American Express, and JCB), Philippine debit/ATM cards with BancNet, mobile payments with Globe GCash and Smart Money, and China payments with China UnionPay, Alipay, and 99Bill.

Can a PesoPay e-commerce merchant accept overseas credit card payments?
Yes, PesoPay e-commerce merchants can accept VISA, MasterCard, American Express Card and JCB payments from around the world, regardless of currency.

In what currency does PesoPay settle payments received by merchants?
Currently, PesoPay e-commerce merchants can accept payments in PHP & USD. Holders of overseas credit cards may also shop at the site, and we settle the transactions in the selected currency. The issuing banks of such credit cards convert the payments into their respective currencies and charge the cardholders with such amounts. PesoPay merchants DO NOT have to bear any foreign exchange charges.

Do my customers have to register as PesoPay Direct members in order to pay me?
No, merchants may choose to accept payments from any of your customers whether via credit card, debit card, mobile, and China-issued cards.

Does PesoPay provide a recurrent billing service?
Yes, "PesoPay SchedulePay” is our recurrent billing service. Please contact us for more detailed information.

Is there any kind of business that is outside the service scope of your payment services?Click here to request a list of products and services that is not covered by PesoPay e-Commerce payment acceptance services.

Do I need to have a web site before we can apply for your services?
Yes, you need a running website to use our services. If you don’t have a website, we offer website development services or your company can develop it independently.

Can I become your merchant without a web site?
All PesoPay e-Commerce merchants must have their own web sites. If you don't have a web site but would like to accept payments online from a non-ecommerce source, you may sign up as our offline merchants.

Do I have to install a shopping cart in my web site?
We strongly recommend that, in order to operate e-commerce activities, web sites should have online catalogues that front their payment facilitates, which are known as shopping carts. Our payment services require possession of a shopping cart on the merchant side. (Please refer to our Technical FAQ session for other shopping cart related questions.). And, we are also pleased to offer our easy-to-setup and cost-effective shopping cart service to address your needs.

Would PesoPay e-Commerce payment acceptance services affect the speed of my web site?
No. There are many factors that could affect the speed of a web site, like the power of the host server, quantity and size of images in the website, search methods and so on.

Does PesoPay support the e-commerce software my web site is using?
Our payment services are independent of the e-commerce software you are using. For merchants who are using MIVA Merchant or OS Commerce, Zen-Cart, Magento, and Joomla VirtueMart, PesoPay provides API or scripts for merchant to connect and integrate to our payment service platform. Merchants are also free to develop their own API to integrate with AsiaPay’s payment service platforms.

How does my web site feed the information from our shopping cart to your payment page, and vice versa?
When a customer places an order at PesoPay merchant's web site and selects the payment method, the customer will be redirected to our secure payment page for payment processing. All necessary parameters (i.e. transaction amount, order reference number, customer name) will be carried forward to the secure payment page at the same time. When the payment is processed, the results (either successful or failed) will be shown to the customer in another web page. Such information will also be fed to the designated web page of the merchant for more sophisticated post-payment processing.

How secure is PesoPay?
Click here to see how you obtain maximum protection in using our payment services, along our 3-D security protection supported by our allied banks.

Is there any need for my web site to arrange secure server facilities?
We do not require merchants to install secure server facilities as long as the information passed from merchants to us does NOT contain sensitive information (in fact, customers have to enter information such as credit card number, only in our secure payment page). Meanwhile, merchants are suggested to enhance security levels of their web sites to provide maximum protection to their customers. And, via our partner Digi-sign, we are pleased to offer a cost-effective SSL certificate product when needed.

Does PesoPay use encryption for the server and database?
AsiaPay has achieved PCIDSS compliance, demonstrating our ability and commitment to provide comprehensive yet secure payment processing facilities meeting the international security standard. All sensitive information in our database is encrypted and protected behind a firewall system. At the browser level, 256 bit Secure Socket Layer (SSL) is used.

I'm concerned with the issue of online fraud. What should I do to minimize it?
Fraudulent behavior online takes various forms from stolen card to system hacking. As an experienced payment service operator, we would like to suggest the following actions to minimize fraud.

  • Web site security - We strongly suggest that PesoPay e-Commerce merchant's e-commerce web site is equipped with security facilities like SSL, encryption and firewall. This way, the merchant's database (especially the sensitive sales information) and its transmission are safe from being accessed by outsiders.
  • Order details - Merchants should urge customers to provide adequate information upon ordering, especially contact information of the customers. Make sure that the customer is a legitimate cardholder. More attention is required for suspicious orders (like remote delivery addresses or simultaneous multiple orders).
  • Free mail address - Some fraudsters attempt to mask their identity by using a free mail addresses. While most users of free mail addresses are indeed legitimate, caution should be exercised for orders with free mail addresses, especially when this is the only way to contact the customers.
  • Out-of-norm orders - Merchants should be wary of orders that falls outside usual ordering patterns, like bulk orders or purchases that greatly exceed the average transaction amount.
  • IP record - Beware of orders made from odd locations (which are sometimes traceable with the IP addresses), especially where credit card fraud is more common.
  • Proof of delivery - Get a signed proof of delivery or receipt if available upon retrieval request.
  • Return policy - Merchants should write and maintain clear, easy to understand and consistent product return policies to keep customers well informed

How much is PesoPay’s service cost for accepting e-Commerce payments?
There is an annual set-up charge, a transaction commission based on the payments received and a chargeback handling fee, but no other hidden charges. For details, please contact us at (+632) 887 0088, 887 0088

Do I have to pay any charges to other parties besides PesoPay?
For PesoPay e-Commerce plan merchants, there is no additional fee charged by any party other than PesoPay. For PesoPay Premier Plan merchants, the selected bank may levy its charges to the merchant and we add 0.xx% as transaction fees.

Would you deduct any charges from received payments of merchants?
We do not deduct setup fees and annual fees or marketing expenses from received payments of merchants. Such charges are billed to merchants separately. On the other hand, transaction commission, refund and chargebacks (if any) will be deducted from received payments before reimbursement.

What is a rolling reserve for Debit payments?
Instead of requesting an upfront deposit, we may impose a rolling reserve on a case-by-case basis. The purpose of which is to prepare and maintain a sum for contingent refund requests. The rolling reserve is usually a percentage of monthly transactions (which ranges from 10% to 40%), which will be released to merchant after a short period of time (usually 60 days).

How long does it take for a payment to be processed, and what happens after the processing is complete?
Normally, it takes only a few seconds for a transaction to be processed. However, there are some cases wherein it takes time depending on the complexity of the issue i.e. a suspected fraudulent transaction. After the payment is processed, a summary of the payment is sent to the customer upon confirmation.

How can a merchant check the status of the payments?
PesoPay merchants may log into PesoPay Merchant Administration site anytime, and access various online reporting tools to track the credit card payment transactions and even download the report for accounting purpose.

Does the payment result that PesoPay shows to the customer and the merchant also includes information about items purchased by the customer?
In general, we do not handle information other than the parameters necessary for transaction processing. Parameters such as items purchased, model numbers, quantities, shipment addresses and so on, do not fall into this category. Basically merchants may refer to shopping carts for such information. Meanwhile, bundled services will be available to meet specific business needs.

What will the customers see on the monthly bank / credit card statements after purchasing from a merchant?
The name of the merchant will appear on the credit card statement.

What is the lower limit per payment for PesoPay eCommerce?
Basically we accept payments of any amount. We also handle special business needs of merchants on a case-to-case basis.

How does a merchant handles a refund to a customer? What are the charges?
The availability of refund service depends on the service plan.

  • PesoPay e-Commerce merchants should submit a completed "Refund Requisition Form" to us, stating details of the transaction to be refunded. Refund charges will be applied to merchants.
  • PesoPay e-Commerce Premier Merchants should send the refund requests directly to our partner bank.

In any case, we monitor refund activities of our merchants very closely. We are particularly concerned with excessive refunds since it may mean a low satisfactory service level (like late delivery or stock shortage).

When and how does PesoPay reimburse received payments to a merchant?
Merchants may receive payments by auto-credit by the acquiring bank. Normally PesoPay e-Commerce merchants receive payments (less transaction commission) 15 days auto-credit rolling in.

What is Verified by Visa / SecureCode by MasterCard / SafeKey by AMEX / J/Secure by JCB?
These are security features instituted by Visa International, MasterCard International, American Express International, and JCB International to protect online and mobile purchases. It enhances the existing credit card security protocols with an additional personal password to be used to authenticate a genuine cardholder purchasing online. When a credit cardholder shops online, he/she will be required to enter the password in the same way as entering a PIN at an ATM. That means only the cardholder can use that card. For details, please visit Visa International, VISA International web site.

Is it compulsory for online and wireless merchants to join Verified by Visa, MasterCard SecureCode, American Express SafeKey®, and JCB J/Secure?
We strongly recommend for our merchants to implement 3-D Secure offered by Visa, MasterCard, AMEX, and JCB. Aside from the added security layer, merchants can avail of this service free of charge.

What are the protection benefits of using Verified by Visa, MasterCard SecureCode, American Express SafeKey®, and JCB J/Secure?

To merchant:

  • Reduce fraud by assuring cardholder's identity with the authentication of Card Issuer;
  • Increase confidence to ship to the cardholders worldwide, resulting in increased sales;
  • Reduce your liability for fraudulent and disputed purchases.

To cardholder:

  • Reduce risk to release credit card information for online purchase and avoid unauthorized card use;
  • Feel secured shopping online

Is there an extra charge for a merchant to implement the 3-D Secure platform?
For those merchants who join PesoPay eCommerce plan, these features will be bundled without additional charge. For PesoPay eCommerce Premier plan, merchants have to arrange a license from the acquiring bank.

How does Verified by Visa, MasterCard SecureCode, American Express SafeKey®, and JCB J/Secure work?
Please refer to VISA International for details. The location is: http://www.visa-asia.com/verified/index.shtml

Does a merchant need to modify the web site to use these security features?
For those merchants who join PesoPay eCommerce Standard plan, there is no need for them to modify their web site. For PesoPay eCommerce Premier plan, the merchants need to install a license which is provided by the acquiring bank.

How does the merchant know that a transaction has passed thru Verified by Visa, MasterCard SecureCode, American Express SafeKey®, or JCB J/Secure?
The result of the transaction can be seen in the PesoPay Merchant Administration site. The payer authentication (Payer Auth) column in your transaction detail report of the transactions will be shown as "T", which means "True".

What is a payment gateway?
A payment gateway is a software program that is embedded into a merchant's web site for transmitting transaction data to the credit card acquirer, payment service provider or bank for authorization and settlement purposes.

What is a shopping cart?
A shopping cart is a program installed in your website that enables your customers to view and buy products online. Its flow resembles shopping at a supermarket in which a shopper places products from a shelf into a basket, and then proceeds to checkout to pay for the items purchased.

What is a chargeback?
A chargeback is the forced reversal of a transaction by the credit card issuing bank. Chargebacks take place when we receive notification from our partner bank that the cardholder's card issuing bank has received a dispute notice from the cardholder, whose card had been charged by our merchants. In certain cases, defense is possible (e.g. order denial while delivery is completed indeed) given merchants are able to provide adequate evidence. In cases of fraudulent card usage, a chargeback is made immediately. Please note that excessive chargebacks may result in service terms revision, service suspension or even termination.

What is Verified by Visa, MasterCard SecureCode, American Express SafeKey®, and JCB J/Secure?
These are security features instituted by Visa International, MasterCard International, American Express International, and JCB International to protect online and mobile purchasing. It enhances the existing credit card with an additional personal password to be used to authenticate a genuine cardholder purchasing online. When a credit cardholder of these shops online, he/she will be required to enter the password in the same way as entering a PIN at an ATM. That means only the cardholder can use that card. For details, please visit Visa International, VISA International web site.

What is PCI DSS?
PCI-DSS stands for Payment Card Industry Data Security Standard (PCI DSS). PCI DSS defines a set of standards to protect card holder’s data throughout the life cycle of a credit card transaction.
The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents.

Who are the parties requiring compliance?
Any organization that is involved in accepting, processing, transmitting or storing card data must be compliant with PCI DSS. This means that Merchants, Payment Gateways, Network providers and third part service providers must prove their compliance.

What’s the purpose of PCI DSS?
The PCI Standard aligns the security requirements and guidelines developed individually by the card schemes into a single standard that protects cardholder identity and transaction information.

What are the PCI DSS requirements?
The PCI DSS specifies and elaborates on six major objectives:

  1. Build and Maintain a Secure Network
    - Install and maintain a firewall configuration to protect data.
    - Do not use vendor-supplied defaults for system passwords and other security parameters.
    First, a secure network must be maintained in which transactions can be conducted. This requirement involves the use of firewalls that are robust enough to be effective without causing undue inconvenience to cardholders or vendors. Specialized firewalls are available for wireless LANs, which are highly vulnerable to eavesdropping and attacks by malicious hackers. In addition, authentication data such as personal identification numbers (PINs) and passwords must not involve defaults supplied by the vendors. Customers should be able to conveniently and frequently change such data.

  2. Protect Cardholder Data
    - Protect stored data.
    - Encrypt transmission of cardholder data and sensitive information across public networks.
    Second, cardholder information must be protected wherever it is stored. Repositories with vital data such as dates of birth, mothers' maiden names, Social Security numbers, phone numbers and mailing addresses should be secure against hacking. When cardholder data is transmitted through public networks, that data must be encrypted in an effective way. Digital encryption is important in all forms of credit-card transactions, but particularly in e-commerce conducted on the Internet.

  3. Maintain a Vulnerability Management Program
    - Use and regularly update antivirus software.
    - Develop and maintain secure systems and applications.
    Third, systems should be protected against the activities of malicious hackers by using frequently updated anti-virus software, anti-spyware programs, and other anti-malware solutions. All applications should be free of bugs and vulnerabilities that might open the door to exploits in which cardholder data could be stolen or altered. Patches offered by software and operating system (OS) vendors should be regularly installed to ensure the highest possible level of vulnerability management.

  4. Implement Strong Access Control Measures
    - Restrict access to data by need-to-know.
    - Assign a unique ID to each person with access.
    - Restrict physical access to cardholder data
    Fourth, access to system information and operations should be restricted and controlled. Cardholders should not have to provide information to businesses unless those businesses must know that information to protect themselves and effectively carry out a transaction. Every person who uses a computer in the system must be assigned a unique and confidential identification name or number. Cardholder data should be protected physically as well as electronically. Examples include the use of document shredders, avoidance of unnecessary paper document duplication, and locks and chains on dumpsters to discourage criminals who would otherwise rummage through the trash.

  5. Regularly Monitor and Test Networks
    -Track and monitor all access to network resources and cardholder data.
    -Regularly test security systems and processes.
    Fifth, networks must be constantly monitored and regularly tested to ensure that all security measures and processes are in place, are functioning properly, and are kept up-do-date. For example, anti-virus and anti-spyware programs should be provided with the latest definitions and signatures. These programs should scan all exchanged data, all applications, all random-access memory (RAM) and all storage media frequently if not continuously.

  6. Maintain an Information Security Policy
    -Maintain a policy that addresses information security.
    Sixth, a formal information security policy must be defined, maintained, and followed at all times and by all participating entities. Enforcement measures such as audits and penalties for non-compliance may be necessary.

How can I obtain technical support from PesoPay on my merchant account?

Please email us at support@pesopay.com.

How can I change the registered information (e.g. contact person, company address)?

Please email us at service@pesopay.com.