Merchant Plug-in (MPI)

Link to our Secure PayMaster System

What is a Merchant Plug-In?

  • A merchant plug-in or MPI is a software component designed to facilitate verification for payment cards and prevent card fraud.
  • Our merchant plug-in can be integrated on any merchant’s website for customers to pay using DuitNow QR, Alipay+, Visa, Mastercard and UnionPay.
  • Once integrated, you can perform sales, reversal, voiding, refund, pre-authorisation or recurring payment based on the service requested or upon approval.

3-D Secure Payments

Difference between 3-D Secure and non-3-D Secure payments

Our MPI supports both 3-D Secure and non-3-D Secure transactions to provide flexibility to our merchants.

3-D Secure Payments

  • Requires the customer to enter an OTP, password or code to confirm a credit card payment
  • This makes transactions without knowledge of the customer very unlikely
  • Hence, the liability mostly falls on the customer or issuing bank instead of the merchant, unless the merchant did not deliver the stipulated service or goods to the customer.
  • In most cases, we like to advise our merchants to use 3-D Secure to reduce chargebacks. However, a non-3-D Secure may be more suitable for subscription business models such as insurance and gym plans, for the convenience of customers.

Non-3-D Secure Payments

  • Does not require customer to enter any OTP, password or code.
  • Quickens the checkout process for a customer
  • However, the liability mostly falls on the merchant.

3-D Secure payment process

1

Step 1

The customer enters his or her credit or debit card details on our hosted universal payment page (UPP) as compliant to PCI DSS.

2

Step 2

The acquirer host checks whether or not the card is registered for 3-D Secure.
  • If the card is registered for 3-D Secure, the customer will be redirected to a 3-D Secure website page served by the issuing bank.
3

Step 3

On the issuing bank’s website, the customer will be asked to enter his or her unique OTP or code sent by the customer’s issuing host.

4

Step 4

Once authenticated, the customer will be redirected to the merchant’s website to confirm payment and receive confirmation of successful payment.

Payments with MyXaaS

What makes us unique is that we cover the whole retail payment ecosystem. That means we are the acquirer host, issuer host and payment service provider. We are also the acquirer cum issuer for DuitNow, Alipay+, Visa, Mastercard and UnionPay.

Pre-authorisation process

  • We support pre-authorisation hold, whereby merchants can put a hold of the amount approved by the customer until settlement, completion or abortion of transaction or expiry of the hold.
  • The main reason for pre-authorisation hold is due to the time lag between the authorisation and settlement for merchant.
  • For example, a hotel customer can be charged RM200 as a hold amount during check in. During the stay, the hotel will deduct from this amount, the charges for room service and phone calls made until check out.
  • Other services like rental car services and pay-at-the-pump at filling stations also tend to use this feature as well.

Refund Process

  • You can request for refund either by calling our refund API online or manually submitting a refund form to our back-end system.
  • With your complete supporting documents, we can execute your refund request within the same business day.
  • We will also credit the refund amount to you within 2 business days or within the agreed cut-off time. The refund amount will however depend on the mutual agreement with your customer and situations.

Why choose us?

Zero Fees

We charge our merchants zero fees for registration, integration, maintenance, and refund until further notice or when prices are subjected to change. Only sales transaction will be charged for Merchant Discount Rate (MDR).

T+ 14 Settlement
No matter your transaction amount, we will settle for you within two days after your transactions. No need to wait for accumulation to a certain amount before cashing out.

PCI DSS Certified

We had been certified as PCI-3DS ACS (formerly Visa ACS) since 2005, followed by the strictest PCI DSS Level 1 since 2009 and PCI PIN Security (formerly Visa PIN Security) since 2015.

0 -bit encryption
As per PCI DSS Level 1 standards, our 128-bit encryption is one of the most secure encryption methods. In a brute-force attack, it would take 1.02 x 1018 years to crack even if you can verify a trillion keys per second.

SSL Certified

As per PCI DSS Level 1 standards, our encrypted connection is provided by a trusted third-party Certificate Authority (CA) that verifies our domain’s identity and allows secure transmission of sensitive, confidential information.

Multi-factor Authentication

Our security technology requires two or more independent credentials to verify identity: what the customer knows such as password, what the customer has such as OTP and what the customer is such as his or her biometric verification.

One-to-One Care

We keep you well informed with our one-to-one customer care during integration and upgrades after integration

0 -hour Service
Call us anytime at +603 4051 9921 after office hours and +603 4051 9922 during office hours for any merchant enquiries.

How to subscribe

  • You can contact us to integrate our Merchant Plug-in on your website for free.
Contact us

Do you want to increase your business?

Drop us a line and keep in touch

Contact us