Payment options accepted
Payment may be made via Visa, MasterCard, Diners or American Express Cards or by bank transfer into the Whimzy bank account, the details of which will be provided on request.
Card acquiring and security
Card transactions will be acquired for Whimzy via PayFast, which is an approved payment gateway for all South African Acquiring Banks. Users may go to www.payfast.co.za to view their security certificate and security policy.
Customer details separate from card details
Customer details will be stored by Whimzy separately from card details which are entered by the client on PayFast’s secure site. For more details on PayFast refer to www.payfast.co.za.
Whimzy and Payfast are committed to keeping you, your customers and all sensitive information secure. We have a multitude of automated and manual checks in place to protect both buyers and sellers from fraudulent transactions.
PCI-DSS Level 1 Compliant
- We use Extended Validation SSL with 256-bit encryption. Only two of the four major South African banks use this –the highest– level of encryption currently available.
- All sensitive info is encrypted within our own database.
- We run penetration testing on our system on a weekly basis to look for vulnerabilities. We are only required to do it once every three months, but we run it every week.
- Our entire site, blog, payments page and help site all are served off secure servers, making it harder to perpetrate phishing attacks.
- 3D Secure is in place for all credit card transactions.
- Two-factor authentication is available to restrict access to your PayFast account.
- We use GEO IP tracking to see where transactions are originating from and look for mismatches between this and the card’s issuing country.
- Our system automatically checks for suspicious payment velocity.
- We use BIN/IIN validation to check for card-issuing bank locations and merchants can choose to enable/disable payments from certain countries.
- Payments and card details are automatically checked against large online databases of blacklisted details.
- All suspicious transactions are manually reviewed by our stellar Support Team.