Secure Payment Policy with RedSys

Which cards are accepted by Ewala IT Services SL?

We work with the banking institution Banco Sabadell, which connects with REDSYS and provides a 100% secure payment gateway (virtual POS, or Virtual Point of Sale Terminal).

We accept payments with VISA, VISA ELECTRON, MASTERCARD, and MAESTRO.

Redsys processes 6.3 million online purchases every month and has over 35 years of experience in the sector. Such a high level of operation can only be sustained with the best and most reliable security and processing systems.

How does card payment work?

Banco Sabadell's solution for online payments consists of a virtual POS hosted on Servired servers (through its subsidiary Redsys) and accessible via the internet by merchants from their virtual stores.

Ewala IT Services SL automatically connects with Redsys using all the security protocols, and the customer can enter their security information and credentials to complete the purchase. Additionally, for your security, a six-digit code will be sent to the phone linked to the card used for the purchase, providing an immediate response and resolution to the payment process. The detailed purchase process is as follows:

1. The cardholder selects the products on the Ewala IT Services SL sales platform.

2. Ewala IT Services SL redirects the cardholder's browser session. The Virtual POS of Redsys takes control and securely authenticates the cardholder's payment method.

3. Once the payment is completed, the Virtual POS informs the customer of the result and returns the browser session for the cardholder to continue browsing Ewala IT Services SL.

Is it safe to make card purchases online?

The international security protocols implemented by banks guarantee total security in transactions. In our payment gateway, in addition to validating the purchase card's data, there will be an additional verification issued by the cardholder's bank, which may consist of the following (VERIFY THIS TO SEE IF ANY NEEDS TO BE REMOVED - TECHNICAL TEAM):

  • OTP or One Time Password: sending a one-time and time-limited code to the cardholder's mobile via SMS.
  • CIP: requesting a code associated with the card.
  • IVR: the cardholder receives a call to their mobile with the purchase amount and is prompted for a code.
  • Online Banking: redirecting the cardholder to their bank's website to resolve conditions. SAS confirms that the response comes from the bank.

Banco Sabadell and Redsys guarantee maximum security for payments made with VISA, VISA ELECTRON, MASTERCARD, and MAESTRO cards.

Are my card details in good hands?

Redsys directly manages your card details from its servers, ensuring the proper management of your confidential information. Ewala IT Services SL is not aware of, nor stores, any data related to your card or confidential information. Redsys handles secure, quality, and efficient payment processing.

The only data that Ewala IT Services SL may store are personal details such as your name, phone number, address, and email that you provide when placing an order or making an inquiry. This data is subject to data protection laws as stated in the Terms and Conditions and Privacy Policy pages.

What security measures does Ewala IT Services SL use?

Banco Sabadell incorporates a Virtual POS (Redsys) with secure electronic payment, supporting international protocols (Verified by Visa, MasterCard SecureCode, J-Secure...) based on 3D Secure technology.

What are Verified by Visa and MasterCard SecureCode?

Verified by Visa and MasterCard SecureCode are authentication methods used to verify the cardholder's identity when making a purchase. This means that the customer needs to prove themselves as the legitimate owner of the card they are using. To do this, during the purchasing process, a page will be presented to the customer to enter an authentication code. This system is commonly referred to as 3D Secure (3DS). A 6-digit code will be sent to the mobile phone associated with the card, which the customer must enter to confirm the purchase.

Is it necessary to register as a user to make a purchase?

Yes, to purchase any of the SaaS services offered by Ewala IT Services SL, you need to register on the platform. Please refer to our Privacy Policy.

All navigation within the website, as well as user registration and account management, are conducted with encrypted connections, ensuring that your personal data cannot be intercepted between your device and our website.

What eCommerce platform does Ewala IT Services SL use?

We use Prestashop, with the official integration of Redsys. This platform is used by millions of online retailers, so we have confidence in working with a reputable company. We promptly implement security updates for the platform and its components, and we have real-time firewall and other security measures in place to protect both our website and all data stored in our systems. It's important to note that customer payment data is not stored on our systems; it is processed directly by the bank from their servers.

Secure Payment Policy with STRIPE

Stripe complies with the highest standards of online payment security.

Credit card payments (Blue, Visa, Mastercard) are processed in full at the end of the order process. All credit card payments are 100% secure through the Stripe platform, in accordance with European and international interbank security measures. Stripe allows internet users to make their online purchases with complete security and peace of mind.

Your banking data is encrypted (SSL technology). They do not circulate unencrypted over the Internet and cannot be intercepted. Your banking data (card number, expiration date, etc.) is never communicated to us.

Is a payment with Stripe secure?

Stripe uses the standardized encryption system known as "SSL protocol." It appears, when you are on the payment page, as:

  • A closed padlock in the corner of your browser.
  • The https:// mode instead of http:// in the address bar of your browser.

When switching from unencrypted to encrypted mode (and vice versa), browsers display a message warning of the change. Check these elements before entering confidential data; it is a security guarantee. To use the strongest protocols, we recommend using a browser with the latest version. Stripe uses the following methods to secure its payment pages:

  • All card numbers are encrypted on disk using AES-256.
  • The Stripe infrastructure for storing, decrypting, and transmitting card numbers runs independently, without sharing any sensitive information with Stripe's central services.
  • Card numbers are encrypted on disk using AES-256.

Security at Stripe also translates into the following certifications and licenses:

  • PCI DSS Level 1 Certification
  • U.S. Money Transfer License
  • Compliance with the European PSD2 directive and Strong Customer Authentication
  • SSAE18/SOC 1 Type 1 and 2 Reports
  • Electronic Money License in Europe.

What information is needed to use Stripe?

Stripe will ask for the following information:

  • Card number or white label card (15 or 16 digit numbers)
  • Expiration date
  • Visual cryptogram (the last 3 or 4 digits of the signature strip on your card)

With the deployment of 3D Secure (recognizable with the "Verified by Visa" or "MasterCard SecureCode" logos), your bank will also ask you at the time of payment to authenticate yourself with confidential information that you will need to enter on your bank's own website.