First, let me say I can well understand that customers may be wary of giving their credit card details to a new website in these days of almost daily reports of internet scams. However, cardholders making purchases on the Artisan Arcade website (AA) are fully protected for two reasons: (i) even if the credit card information was fraudulently used by AA, its servants or agents or even a third-party, the cardholder would be entitled to a full refund from their financial institution; and (b) at no stage does AA (as distinct from its payment processor, Stripe) ever have the credit card information to begin with, so is is not possible for AA or a third-party to use this information.
Let me explain. First, there is a myth that has been around for many years, which refuses to die, that if a cardholder uses their card to make a purchase and some other person learns of the credit card information through the transaction, the cardholder is responsible. This is not, and never was, true in Australia.
To quote from the
MasterCard Australia policy on fraudulent use:
"Have peace of mind knowing that the financial institution that issued your MasterCard won't hold you responsible for “unauthorised transactions.” As a MasterCard cardholder, Zero Liability applies to your purchases made in the store, over the telephone, online, or via a mobile device and ATM transactions."
The only situation where a cardholder may be held responsible is if the cardholder has (a) not used reasonable care in protecting their card from loss or theft; or (b) upon becoming aware of the loss or theft, did not promptly report this to their financial institution. Clearly neither situation (a) or (b) applies to a
cardholder making purchases on the AA website.
Second, Artisan Arcade does not collect, or store, customer credit card information. All traffic to or from the AA website is encrypted. The checkout page payment information is handled by our payments processor, Stripe (see more information below). The credit card information is never on, or passes through, our servers. AA has no idea what a customer's credit card information is because all credit card information is sent directly to Stripe in an encrypted form.This is no different from using Paypal with a merchant. The merchant has no knowledge of the credit card information of the customer. The only difference, in appearance, is that with Paypal a new window will appear which gives the customer the confidence that the merchant does not obtain the credit card information. With AA there is no separate window, it is all handled by a separate API which encrypts all credit card information and sends it directly to Stripe. So while a customer may think that AA has knowledge of their credit information, AA does not. Ever. Which means that even if our site was hacked there is absolutely no credit card information to discover or use.
AA uses Stripe for all credit card payment processing. Stripe is a USD$35 billion dollar payments processor that operates in 30 countries and has its headquarters in San Francisco. Some of the major companies that use Stripe can be seen
here.
Payments processors such as Stripe and Paypal comply with the industry standard called PCI-DSS (Payment Card Industry Data Security Standard), which sets consistent security measures with the aim of reducing credit card fraud. The highest security standard that a payment processor can obtain is Level 1. Stripe is a Level 1 payment processor. The Paypal
website states that "Our most popular products, including Website Payments Standard, PayPal Checkout and Invoicing are already PCI compliant" but does not state the level of security (although I expect it would be Level 1).
To summarise, a cardholder making purchases on the AA website can never be liable for fraudulent use of the card arising from the transaction and furthermore, AA never has the information to enable fraudulent use.
AA has no plans to add Paypal as a method of payment. Paypal does not provide any more security than Stripe and Paypal has several disadvantages from our point of view.