The Payment Security features outlined below are designed to help you strengthen the security of your payment processes. You have the flexibility to choose to enable the combination of security measures that best align with your business needs—ensuring both robust protection and a seamless, trustworthy experience for your customers.
Simplypaid Secure Login
Allows only authorised customers to view or take actions on Simplypaid. Authorised customers are those with a valid email address in your ERP/Accounting Software.
How does it work?
At the login page, the customer will be prompted to enter their email address.
An OTP (One Time Password) is then sent to that email.
Once the customer enters the OTP, access is granted for 15 days—no repeated logins needed during this time. Note: OTPs are valid for 5 minutes, after which the customer must request to "Resend the code" or repeat the login process.
If the customer is not authorised or used a personal email address (which is not in your ERP/Accounting Software), they will receive the following error message: "Email not found, please contact Company XYZ". At this point, they won't be able to access Simplypaid unless you grant access - see Simplypaid Access Approval below.
Simplypaid Access Approval
Pre-requisite: Simplypaid Secure Login must be enabled.
When this feature is enabled, those who are not customer contacts/unauthorised will need to request access. An approval workflow is triggered that allows Manager Users with "approval permission" to grant access.Contact your Customer Success Manager or email customersuccess@ezycollect.com.au to request for approval permission.
How does it work?
When a customer attempts to log into Simplypaid, the system initiates email authentication. I.e. The system checks if the email is already approved/authorised or if it's associated with an existing customer contact.
If the email address is not approved/authorised, the customer will see the following message with a prompt to "Request Access".
Once they click "Request Access", an approval workflow is triggered.
An email is sent to you and all other Manager Users with approval permission containing:
An "Grant Access" link.
A "Decline Access" link.
If you click "Grant Access", you will be redirected to your ezyCollect dashboard with the following message:
If you click "YES", the email is added as a contact, and a confirmation message is shown.
If you click "Not Now", the customer gains access to Simplypaid without being added as a contact in ezyCollect.
If the email was already approved by another Manager User, the following message will be displayed in your ezyCollect Dashboard.
If you click "Decline Access", the customer is notified and they cannot request access again.
Audit Trail: All requests and approvals are displayed under the "Activity History" section of the customer page in your ezyCollect.
Add Payment Method
Allows your customers to add their cards/bank accounts so they can reuse them on future visits and perform quick checkouts.
Pre-requisite:
Simplypaid Secure Login must be enabled.
This setting is only applicable to organisations that have ezyCollect Payments configured for both credit cards and bank transfers.
Note: If you wish to use this feature but haven't migrated to ezyCollect Payments or if you're not sure, please contact customersuccess@ezycollect.com.au
How does it work?
Once your customer logs into Simplypaid, the Documents tab will display a list of their invoices. To make payment, they have to firstly click, "Add Payment Method".
Card: All card information is tokenised and is not stored with ezyCollect. Only the last 4 digits is shown on Simplypaid.
Bank Account
Once a payment method has been added, the following message will appear on screen:
The customer can now select the invoice(s) they want to pay and click "continue to pay" on the saved card or bank account. It takes them to a confirmation screen where they simply click "Pay Now" to finalise payment.
Note: If the customer clicks "One Click Pay" on the card or bank account, the payment will be processed automatically.
A maximum of 5 payment methods (cards and bank accounts) are displayed on the Payment Methods page. They can be deleted at anytime.
3DS Verification on Save Payment Method / Direct Debit Authority (DDA)
3D Secure (3DS) verification adds an extra layer of security by verifying the identity of the customer when they attempt to add a new card as a payment method or add a new Card Direct Debit Authority (DDA). This helps to prevent fraudulent card usage and enhances the overall security of the payments platform.
Pre-requisite: Simplypaid Secure Login and Add Payment Method must be enabled.
How does it work?
Add a New Card as a Payment Method: During the process of adding a new card, the system will initiate 3DS authentication if the card is enrolled in the 3DS program.
Add a New Card DDA: When a customer sets up a new DDA using a card, the system will trigger 3DS authentication for enrolled cards.
Behaviour for Non-3DS Cards: The system logic will not block cards that are not enrolled in the 3D Secure program. For these non-3DS cards, the system will maintain its existing behaviour, allowing customers to save the card without undergoing 3DS authentication.
Error Handling
If the 3DS authentication process fails for a card (e.g. the customer cancels the authentication, enters incorrect information, or the authentication times out), the system will:
Reject the Card: The new card or card DDA will not save as a valid payment method.
Display an Error Message: The customer will be presented with a message indicating that the 3DS authentication failed and that they should try again or use a different payment method.
Bank Account Verification
When enabled, the system validates your customers' bank account details against an external service - Satori, which specialises in real-time bank account verification, ensuring that the bank account details provided by your customers are accurate and valid.
Note: Account details verification does not guarantee the success of the transaction, as problems may occur after verification. For example, the customer does not have sufficient funds in his account, resulting in a failed payment.Pre-requisite: This setting is only applicable to organisations that have ezyCollect Payments configured for bank transfers.
How does it work?
Everything Looks Good (Match): If the bank account details your customers entered are confirmed as correct, they can save the payment method, set up Direct Debit, and proceed with their payment without any issues.
Potential Minor Issues (Weak Match or Not Enough Info): If the system finds some minor inconsistencies or doesn't have enough information to fully verify the details, the customer will see a message: "The bank details provided could not be verified. Please check your information and try again."
Your customer can retry up to 5 times within 24 hours.
After 5 unsuccessful attempts, they'll see the following message and they can either validate their bank account via micro-deposit or try again in 24 hours.
Information Doesn't Match (No Match or Not Found): After 5 unsuccessful attempts, your customer will see this message: "You have reached the maximum number of attempts to validate your bank details. Please contact customer support for assistance." At this point, the customer needs to use another payment method or wait 24-hours to try again.
Micro Deposit
When enabled, the system validates your customer's bank account by sending $0.01 into your customer's account accompanied by a code to verify the transaction, direct debit authorisation or save payment method in the application.
The deposit may appear in your customer's account instantly after the transaction is initiated but can 1-2 business days depending on whether NPP is supported.
Pre-requisite: This setting is only applicable to organisations that have ezyCollect Payments configured for bank transfers.
How does it work?
Micro-Deposit validation on bank transfer payments
When micro-deposit validation is enabled, the following message is displayed on the bank transfer form: “Your bank information will be verified via micro-deposit to your account, unless it has already been successfully validated.“
Once the customer clicks "Pay Now", the following confirmation message instructs the customer to confirm the micro-deposit via email.
When the customer clicks on the “Micro-deposit” button in the email, the system will prompt them to add the 4-digit code.
Note: The 4-digit code can be identified on the customer’s bank statement starting with the descriptor, “CODE#”.
When the customer adds the correct micro deposit code and clicks on the “Continue” button, the system will process the transaction. If the transaction is processed successfully, the system will send the payment receipt to the customer/client via email. If the wrong code is entered, the customer will have 4 more attempts, after which the micro deposit validation is blocked and the customer will need to wait 24 hours before trying again.
If the micro deposit flow is successfully completed, the system will update the status of the transaction to “cleared” in the Transaction Page in ezyCollect. If the micro deposit fails or is abandoned by the customer, after 2 business days, the system will update the transaction status to “failed”.
Micro-deposit validation on Bank Account Direct Debit Authority
When the customer selects "bank transfer" on the direct debit authority form, the same micro deposit process flow is triggered as above.
The DDA status will be “Pending” until the micro-deposit flow is completed.
If the authorisation is processed successfully, the system will update the status of the customer's direct debit authority to “Acquired” and send the copy of the direct debit authority to the customer/client via email.
Micro-deposit validation on Add Payment Method
When the customer has filled out their bank account details and hit "save", they will see instructions on how to complete the micro-deposit validation. An email is also sent to the customer.
The customer can complete the micro-deposit validation in one of two ways:
By visiting the Payment Methods page and clicking "Complete Validation". The Payment method status will remain as “Waiting Validation” until the micro-deposit flow is completed.
By clicking the verification link provided in the email
Once the customer enters the correct micro-deposit code and clicks "Continue", the saved payment method will be activated and ready for use.
The system will allow the customer 5 attempts to add the correct micro-deposit code. After 5 unsuccessful attempts, the micro-deposit validation is blocked and the customer will need to wait 24 hours before trying again.
Micro-deposit validation on Credit Application
Upon completion of the Credit application, the customer will receive micro-deposit validation instructions via email.
When approving a Credit Application, if the DDA for the associated bank account has not yet been validated through the micro deposit process, the system will display an alert message to the user informing them that there is a pending verification.
Following the approval of a Credit Application where micro-deposit validation is pending, the corresponding DDA will appear on the Direct Debit Mapping page, specifically within the "Unmapped" tab. The alert symbol indicates to the User that the DDA is awaiting micro-deposit validation.
Mapping of the DDA is disabled in this case until the bank account verification via micro-deposit is successfully completed.
If and when the customer has added the correct micro deposit code and the authorisation is processed successfully, the option to map the DDA will be enabled.
The Direct Debit Registration email (including a copy of the Direct Debit Registration PDF attachment) is triggered only after a DDA is mapped to the relevant customer record by the Manager User, in the Direct Debit Mapping page.