elloha is continuing its efforts to ensure the security of customer data, in particular banking data, and as a result, from 11 February 2025, CVCs will no longer be accessible via the Payment Centre for subscribers who use our secure storage platform.
This measure - which complies with demanding but essential security rules - also guarantees a salutary strengthening of banking security between our users and their customers. However, this change is not an obstacle for users who have activated MOTO (Mail Order / Telephone Order) mode on their Eftpos terminal. For those who have not activated this MOTO mode and do not wish to switch to one of the virtual Eftpos terminals partnered with elloha (Stripe, Paybox, Payzen), they should contact their bank directly.
Here is the macro that will be sent by Support, for users contacting us about this:
elloha!
Thank you for your request concerning the storage and use of your customers' bank details. As stated in the General Terms and Conditions of Use that you accepted when you subscribed to elloha (regardless of the elloha subscription or the fact that it may have been made available to you by one of our partners), with regard to the processing of your customers' bank details, you can activate them via one of the Eftpos terminals with which elloha is connected (Stripe, Paybox or Payzen). These Eftpos terminals allow you - without having access to bank details - to order payments in complete security for yourself and your customers, under your sole responsibility and that of the payment platform. You can also access your bank details via the secure Payment Centre.
Please note that :
- Access to the Payment Centre can only be authorised by our platform on presentation of a certificate from your remote payment provider proving that your contract benefits from the MoTo (Mail Order / Telephone Order) option.
- The visual cryptograms (or CVCs) of your customers' bankcards are not recorded in the Payment Centre, for obvious banking security reasons. However, this does not prevent them from being used in your distance selling contract or your POS terminal, as long as the latter benefits from the MoTo (Mail Order / Telephone Order) mode.
- elloha reserves the right to request, on a regular basis and at any time, proof that this mode (MoTo) has been activated on your contract. If the certificate is not sent at the first request and within 24 hours, access to the Payment Center will be immediately deactivated until it is sent, without any banking data being stored there, and without elloha being held liable for the financial consequences of this interruption of service.
Consequently, as things stand, you have several alternatives:
- Would you like to use the Payment Center? To do so, please send proof that your Eftpos terminal (or distance selling contract) is active in MoTo mode (Mail Order / Telephone Order).
- If you do not have a contract of this type, we recommend that you contact your payment system supplier for this purpose.
- Do you have a distance selling contract with your bank? You can link it to elloha by activating the Paybox or Payzen option directly in your elloha account. In this case, all your customers' bank cards will be stored securely on these highly protected platforms.
- Are you not planning to have a VAD contract? Then we recommend that you activate the Stripe option, which allows you to store your customers' bank details (in the form of aliases and tokens) in a highly secure account at no fixed cost or subscription. There is no cost to you for storing a bank card on Stripe; only a transaction fee applies if you decide to debit an amount from that card.
In conclusion, we are happy to offer you all these alternatives that respect the demanding principles of security for your business and your customers' bank details. We look forward to hearing from you and thank you for your confidence. Have a good day.