Privacy and security

How the Eyeline site processes your payment

The Eyeline web site uses the Multibase ePay Payment Gateway, which processes online payments through the Camtech online payment service.

Multibase ePay Payment Gateway

The ePay payment gateway

 

The Eyeline site forwards your transaction to the ePay payment gateway. The payment details are then forwarded by the ePay payment gateway via an encrypted link to the Camtech online payment system for processing. The Camtech payment gateway then interfaces with your nominated clearing bank to clear the transaction.  

Link to the bank

The Camtech payment gateway accepts credit card details from the ePay Payment Gateway, converts them to the Australian Banking Standard 2805F (ISO 8583) and forwards them to the bank for processing.   The link to the banking network is a dedicated private connection that is inaccessible by Internet users. The Payment Gateway also uses enhanced security features such as digital envelopes and content keys (1024 Bit RSA/IDEA).  

Approval of the transaction

Once the transaction has been approved, an encrypted response consisting of the transaction details and bank authorisation code is sent back to the Camtech payment gateway, which logs the transaction and sends the result back to the ePay Payment Gateway. Secure Sockets Layer (SSL) is used to encrypt the details between your web browser and the ePay Payment Gateway. The ePay gateway deciphers this message and forwards the transaction details to the Eyeline web site for you to view. This entire process is typically completed within 6 to 15 seconds, making it the fastest real time Internet payment processing service in Australia.  

Credit cards

Cards Accepted

VISA Master Card Amex

Web browser required

One of the following web browsers is recommended to purchase goods from the site: Internet Explorer version 5.5 or greater, and Netscape Navigator version 6 or greater, on Windows, Mac and UNIX operating systems. Earlier versions may work but we cannot guarantee this.  

Currency

All transactions are conducted in $AUD.  

Security FAQs

Q1. Definition of terms used

Answer:

IP address
When you are connected to the Internet, you computer has a unique Internet ID called an IP address. Most people that connect through a dial-up service get a different IP address each time they log. On. You may have a permanently assigned IP address called a static IP address. If is difficult or impossible for a web site to collect personal information about you e.g. you name, email address from your IP address alone, though a static IP address makes this easier.

SSL encryption
A method by which information transmitted across the Internet is scrambled to the point where it's virtually indecipherable by anyone who should intercept the data before it reaches its destination. Almost all reputable online stores make use of SSL encryption to request credit card information and other sensitive data from their customers. Web pages where SSL encryption is activated a typically identified by a lock or key symbol displayed somewhere in your browser. Refer to your browser's documentation for the specific symbol and location.

Q2. How does the security work in practice?

Answer: Step 1: Before a message is sent, a digital signature of the message is generated by the sender.
Step 2: The message, digital signature and sender's certificate are combined and encrypted with a randomly generated secret-key to form the encrypted message.
Step 3: The secret-key is then encrypted using the public key of the Camtech Payment Gateway to form what is known as a digital envelope. The encrypted message and the digital envelope are then sent to the payment gateway.
Step 4: The payment gateway decrypts the digital envelope using its private key to recover the secret-key, and then decrypts the encrypted message.
Step 5: The payment gateway verifies the integrity and authenticity of the message by verifying the enclosed digital signature and digital certificate.
Step 6: The payment gateway generates an Australian Banking Standard AS2805F (ISO8583) message which is forwarded to the bank for processing in real time.

Q3. What is a digital certificate?

Answer: A digital certificate is a digital document that binds a public key to the identity of a particular entity. It allows a person to use the enclosed public key with the assurance that it belongs to the person identified in the certificate.

Digital certificates are issued by a trusted third party known as a Certificate Authority (CA). The CA places its digital signature on the certificate so that a user of the certificate can be assured that the contents of the certificate are bound together and have not been modified.

The CA will only issue a certificate to an entity that can provide sufficient identification and can demonstrate that the public key being included in the certificate is their public key. Camtech E-Commerce uses X.509 version 3 as its digital certificate format.

Q4. What is a digital signature?

Answer: A digital signature is a value computed from a message and the signer's private key. Since it uses the signer's private key, only the signer can generate this value.

This makes it impossible for a rogue party to alter the message and generate the correct digital signature for it. The receiver of the digital signature can verify it using the signer's public key. If the digital signature cannot be verified then either the signature is fraudulent or the message has been altered. Camtech E-Commerce uses SHA- 1/RSA as its digital signature algorithm.

Q5. What is public-key cryptography?

Answer: In public-key cryptography, a pair of keys is used. One is kept secret (known as the private key) while the other can be freely published (known as the public key). The public and private keys are mathematically related so that data encrypted with one can only be decrypted by the other. This means that data encrypted with the public key can only be read by the owner of the private key, who keeps that private key a secret. Camtech E-Commerce uses 1024-bit RSA as its public key encryption algorithm.

Q6. What is secret-key cryptography?

Answer: In secret-key cryptography the same key is used to encrypt and decrypt a message. It is called secret- key because the same key is shared by all communicating parties who must keep the key a secret in order to maintain confidentiality.

Camtech E-Commerce uses DES as its secret-key encryption algorithm.

Q7. What security precautions are in place to protect the loss, misuse or alteration of my personal information?

Answer: An online payment system is actually safer than traditional credit card handling, because there is no manual handling of credit card details. This Eyeline site has security measures in place to protect the loss, misuse and alteration of the information under our control.

Eyeline uses Camtech's E-Commerce solution is designed to maximise confidentiality, integrity and authenticity of cardholder payment information.

All information is encrypted using a combination of secret-key and public-key cryptography in such a way that only the Camtech Payment Gateway is able to read the message.

Integrity is maintained by the use of digital signatures while authenticity is assured with digital certificates.

Web site privacy policy

Eyeline has created this privacy statement in order to demonstrate our firm commitment to privacy. Please read on for more details about our information gathering and dissemination practices for the Eyeline web site.  

What information do we collect and track about you?

Eyeline gathers two types of information about users: information that we ask you to provide through registration and when you make a purchase, and data that we gather through tracking information.  

When you register

When you register through the Eyeline web site, we collect your name, email address and password.  

When you make a purchase

When making a purchase, you will be required to enter the delivery address for your purchase and Credit Card details when making a payment. We store your delivery address for our records but Credit Card details are not stored anywhere on our site or database.  

When you visit a page

When you visit our site, we track the IP address you come from, what URL you came from, the browser type, the platform, which pages were requested, and the duration of your session. We are not able to connect this with any individual information about you. From time to time we may use this information to analyse the way that site visitors use our site.  

What does this site do with the information it tracks?

We use your IP address to help diagnose problems with our server, and to administer our Web site. We also use this information to track which areas of our sites users use and don't use based on traffic to those areas. Eyeline does not track what individual users read, but rather how well each page performs overall.

Eyeline does not sell or rent user information to anyone.

Eyeline may release account information when we believe, in good faith, that such release is reasonably necessary to (i) comply with law, (ii) enforce or apply the terms of any of our user agreements or (iii) protect the rights, property or safety of Eyeline, our users, or others.  

What are my choices regarding collection, use, and distribution of my information?

This site gives users the following options for removing their information from our database so that they do not receive future communications or no longer receive our service.  

Your consent

By using our Web site, you consent to the collection and use of this information by Eyeline. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.  

Correcting and updating personally identifiable information

To change or modify information previously provided, go to the Update Profile page to modify your user profile. Email Eyeline to change delivery details (if the order has not yet been sent).  

Contacting the Web Site

If you have any questions about this privacy statement, the practices of this site, or your dealings with this Web site, you can contact Eyeline at:  

Eyeline Australia Pty Ltd
PO Box 570
Matraville. NSW 2036
Australia.  

or email Eyeline.