Your cart is empty.
PCI FAQs
Officeworks Online Payment and Security Standard Frequently Asked Questions
What is Payment Card Industry Data Security Standard (PCI DSS)?
The world's major credit card schemes (VISA, MasterCard and American Express) have introduced the Payment Card Industry Data Security Standard (PCI-DSS) which is a global information security standard applying to all organisations that store, transmit or process credit card information - including Officeworks.
The new standards have been developed to help protect our customers, team members, and suppliers from fraud and identity theft by ensuring that credit card data is handled securely throughout all transactions and interactions including Point of Sale (POS), fax, phone, online orders and email communication.
The following websites have been enhanced to support PCI DSS:
- Officeworks Retail website - http://www.officeworks.com.au
- Officeworks Business website - https://www.officeworks.com.au/business
Changes to the Officeworks website
Officeworks has selected the Coles Secure Payment Gateway facility to process our customer's online payments. This means you will notice some slight changes to the payment screen in our checkout process. At step 3 (the payment details screen, shown below) you will be asked to select your preferred payment type. It is the payment type that will determine which payment gateway is selected to process the transaction.
The customer's credit card transaction will be handled through the Coles Group Payment Gateway at the payment details screen (shown above). To keep the checkout process consistent the Coles Group Payment Gateway pages have been created to reflect the Officeworks payment screens. However, there are important differences:
- Your web browser's address bar will show the Coles Group's domain name. The address bar should begin with
https://payments.coles.com.au/OfficeworksPaymentGateway/EnterCreditCard. - The Secure Connection (SSL) Certificate Authority for Coles is Thawte, and the Thawte logo will display (The SSL Certificate Authority on the Officeworks website is VeriSign and if you are processing a non-PCI payment the VeriSign logo will display instead).
- To ensure that your payment details are captured securely, there is no access to Officeworks navigation and no access to the Officeworks footer.
Why is Officeworks using the Coles Secure Payment Gateway?
At Officeworks, we are committed to the ongoing safeguarding of personal identification and payment information of everyone who shops or interacts with us. We strive to improve our business processes and the technology we use to protect our customer's data. Officeworks has selected the Coles Secure Payment Gateway facility to process our customer's online payments as Officeworks is a part of the Coles Group of companies. Coles Secure Payment Gateway has undergone rigorous PCI testing so that we can ensure your data is handled securely. Officeworks do not share, sell, rent or barter any identifiable personal information to any third party without your permission. For further information on what details we capture and how we handle your data view the Officeworks privacy and security policy.
Issue with Security Warning
If you are using Internet Explorer browsers (IE6, IE7, IE8) when you reach the Payment step in the checkout process, you may be presented with the following security warning pop up message:
Or
These warning messages appear because the Internet Explorer browser on your computer is configured to trust either one of the addresses but not both. Please verify that the addresses displayed are included in the list below and proceed by selecting the "Yes" button:
- www.officeworks.com.au,
- https://www.officeworks.com.au,
- payments.coles.com.au, or
- https://payments.coles.com.au
To ensure that your Internet Explorer does not display this warning message in the future, please follow the instructions below.
- Select Tools and then Internet Options... from your browser's menu
- Select the Security tab. Then select the Trusted sites icon
- Select the Sites... button
- Please make sure that both addresses (https://www.officeworks.com.au and https://payments.coles.com.au) appear on the Web sites list
- Select the OK button to save your changes and exit
- Select the OK button again to exit Internet Options dialog
- These sites have now been added to your Trusted sites list.
- Please note that if you are within a network you may need to ask your network administrator to add these sites to the Trusted sites list.
Issues with the Secure Connection (SSL) Certificate
Some customers may encounter an advisory pop up screen that relates to the Secure Connection (SSL) certificates when visiting Coles Group Payment Gateway page (https://payments.coles.com.au). In most cases, this will be a security warning that the SSL certificate was not issued by a trusted certificate authority. The message varies by browser (see sample screens below). IE6, IE7, IE8, Safari 4, and Chrome 3 show warnings as soon as you attempt to load the page. Opera 10 shows a warning when you click on the "Security Information" icon in the address bar. Firefox does not show a warning, but you still do not get the comforting "green address bar".
Cause:
The security certificate is not listed in the "Trusted Root Certification Authorities" list in Windows.
Solutions:
Solution 1: Microsoft provide an executable file to update the list of trusted root certificates. To keep your certificates up to date simply go to http://support.microsoft.com/?kbid=931125 follow the link "Download the rootsupd.exe package now". Follow the instructions to download the file and then run the update.
Solution 2: Run "Windows Update" and apply all the recommended updates. This will update the list of trusted root certificates.
Note: This problem is unrelated to the IE6 warning ("The current web page is trying to open a site in your Trusted sites list...") that customers may get when being redirected from Officeworks to the Coles Secure Payment Gateway.
Sample Warning Screens from Various Browsers:
|
|
Payment Submission Error: "Payment submission has expired"
Problem:
Some browsers may have cached our old and outdate Payment Details page. As a result, a customer will receive an error saying "Payment submission has expired. Please re-select payment type.". Upon clicking OK button, a user will be re-directed to the Payment Selection page again.
Solution:
The browser's cache must be cleared to force it to fetch a new Officeworks' Payment Detail page. Please see instructions below for each different browsers.
Safari 4.0.4 and Newer
- On Safari, select Safari and then Empty Cache... from the Menu
- A dialog box appears asking to confirm
- Select Empty to confirm
- Reload Payment Selection page again before continue
Firefox 3.5 and Newer
- Select Tools option from the menu
- Select Clear Recent History, the following screen should appear
- Select Details and make sure that only "Cache" option is selected
- Click Clear Now button
- Reload Payment Selection page again before continue
Internet Explorer 8
- Select Tools from the menu
- Select Internet Options, the following screen should appear
- Under Browsing History section, select "Delete..." button, the following screen should appear
- Make sure that only "Cookies" is selected, then click "Delete" button
- Reload Payment Selection page before continue