Security

Eliminate the common causes of card fraud

Bluechain eliminates the most common causes of card fraud in online payments without complicating the user experience with verification codes, security questions or dongles. Cardholder data or bank account details are never revealed to the other party during a transaction. Certificates and transaction data are securely packaged so they can be transmitted without the need for a secure pipe.

Bluechain security ticks every box

  • Only Bluechain customers can authorise payments on their eCard.
  • Bank accounts and credit cards linked to an eCard must be owner-verified.
  • The identities of both parties are verified.
  • Every eCard is associated with an owner-registered device.
  • There is no possibility of man-in-the-middle or man-in-the-browser fraud.
  • The user’s account details are not stored on their phone.
  • Bluechain eCards cannot be faked.
  • The user’s bank account or credit card details are never disclosed to the merchant.

Bluechain security model roles

Requestor


Sends the payment request.


The request is signed with the requestor’s certificate and sent to the approver via the app.

Approver


Approves the transaction.


The transaction is packaged with the requestor and approver’s certificates and encrypted.

The secure package is sent to Bluechain.

Bluechain


Verifies the requestor and approver’s certificates.

Sends the approved and verified transaction to the switch for clearance and settlement.

Bluechain secures every transaction

Bluechain security is applied to every card-present and card-not-present transaction: in-store, online, billing, pay anyone, or over the phone. And when a credit card is attached to a Bluechain eCard, Bluechain does what Visa and MasterCard can’t and secures the card details, even when paying online.

Every transaction has a unique signature

Bluechain securely binds the validated identities of both parties to the transaction details and the account-holder’s authorisation. And each eCard is associated with an owner-registered device. So every authorized transaction has a unique signature which cannot be reused or faked.

Every transaction must be approved by the account holder

Funds cannot be debited from the user’s account without their knowledge and approval. If the user’s mobile device is lost or stolen, the Bluechain app is fully protected to prevent unauthorised use. And at no stage during or after a transaction are the user’s account details disclosed to the merchant, another Bluechain user or any other party involved in the transaction.

Safe over any open channel

The transmission of the transaction can be via any open network, including Bluetooth and Wi-Fi, without loss of security, creating a seamless payment experience.