PayFast is a payments processing service for South Africans and South African websites. We enable easy, secure and instant transfer of money from online buyers to sellers.
We allow sellers (individuals, businesses and charities) to accept secure payments from online buyers in a variety of ways. We process credit cards from anywhere in the world, Instant EFT (bank transfers with SA’s four biggest banks that get instantly verified), Bitcoin and more.
We take security very seriously. Our servers have been rigorously checked to ensure that they are not vulnerable to unauthorised access, and activity on the servers is continually monitored.
Credit card security
It is absolutely safe to supply your credit card details to this site to pay for a purchase. In fact, it’s probably safer than doing a transaction in a shop or restaurant. Here’s why.
When you enter your card details, the communication between your browser and our server is encrypted using SSL. You can tell that this is the case by the little padlock displayed on the status bar of your browser on the page where you enter your card details. This means that it is virtually impossible for a third party to listen in when you submit the form. We use a certificate issued by Thawte for SSL encryption. No credit card number has ever been intercepted while in transit over SSL.
When you send us your card number, you can choose whether or not you want us to retain the card details in our database. If you tell us not to retain your card number, we don’t store it in our database. Instead, we get authorisation for the transaction from your bank and, from that point onward, we only work with the authorisation number. For orders that take less than a week to complete, we debit your card when we dispatch your order. For orders that take longer, we will debit your card before our authorisation expires. This is the only way that we can do the transaction without storing your card details in our database.
If you tell us to retain your card number, we will encrypt it and store it in our database. We use a 1024-bit RSA public key to encrypt the number, and it can only be decrypted with the corresponding private key. The private key is not stored on our web server, nor on any machine directly connected to the internet.
Either way, we do remember the first and last four of the 16 digits in your card number so that we can link future payments from the same card.
When you use your credit card to pay for something in a shop, they give you a slip that usually contains your name, your entire credit card number, and the expiry date of your card. Many people just throw these slips in the bin. Even if you dispose of them safely, the shop still keeps the counterfoil and you rely on them to keep your card details private. In a restaurant, most people are happy to have the waiter disappear with their card while the transaction is put through… These risks are much more significant than those that you face when using your card on this site.
General information security
Access to all information held in your account is password protected. It is essential that you keep your password secret so that no-one else can gain unauthorised access to this information. When you use your web browser to view or update information relating to your account, the communication is encrypted over HTTPS to prevent any third parties from eavesdropping, but we do not require that interaction with your cart or wish lists take place over HTTPS.
Once you have used your password to authenticate yourself to our server, the session is considered to be authenticated and access will be permitted to all information relating to your account. In addition, an authenticated session may be used to place orders, purchase gift vouchers and pay for certain orders up to R1000 by selecting a credit card previously used to pay for a purchase. When accessing our website from a web browser, the authenticated session is ended when you explicitly choose to sign out, or automatically after about 15 minutes of inactivity, so you don’t have to remember to sign out. After authenticating using your password while using lighthouse publisher’s iOS or Android shopping application on a mobile device, that application remains in an authenticated session that ends only when you explicitly sign out or uninstall the application, so it is essential that the security of your device is not compromised. Similarly, it is essential to preserve the security of all devices used for accessing our website using a web browser, especially where the web browser or a password management tool has been used to store your lighthouse publisher password.
You agree that once the correct username and password for your account have been used to authenticate a session, you will be liable for purchases paid for in the resulting authenticated session, except where the purchase is cancelled by you in accordance with these Terms and Conditions. You will be liable for payment of purchases irrespective of whether the use of your username and password is unauthorised or fraudulent, and you expressly indemnify Loot against any loss you may incur, financial or otherwise, that may result from fraudulent or unauthorised use of your account.
While an authenticated session in your web browser will end automatically after about 15 minutes of inactivity, the web browser will remain signed into your account unless you explicitly choose to sign out. In a signed-in but unauthenticated session, your cart and wish lists may be viewed and altered without having to re-authenticate using your password, but access to other account information or placing of orders or purchasing of gift vouchers will require re-authentication. You are liable for any activity on your account while you remain signed in.
You agree to notify lighthousepublisher.co.za immediately upon becoming aware of or reasonably suspecting any unauthorised access to your account and to take steps to mitigate any resultant loss or harm.