Before you begin
What are online financial transactions?
An online financial transaction occurs when money is transferred via the internet. These transactions incorporate a range of security measures to protect sensitive financial and personal information.
Why do online financial transactions?
Online financial transactions are essential to delivering some government services.
What does the Victorian Government recommend?
All Victorian Government online financial transactions should be consistent, accessible and trusted. They must meet your customers’ expectations for their preferred device. They should adhere to Victorian government guidelines for security, identity, financial management and privacy.
What standards must be met?
Financial transactions
All procedures for financial transactions must meet the Standing Directions (Victoria’s Minister of Finance). This includes using the Banking and financial services contract if you're a department or mandated agency.
Payment card industry (PCI) security standards
The Payment Card Industry Security Standards Council set up the PCI security standards to protect cardholder data. These global standards govern all merchants and organisations that store, process or transmit this data. The major payment card brands (e.g. Visa, Mastercard) enforce compliance.
Australian Competition and Consumer Commission rules for surcharges
If you pass any credit card or merchant surcharges to the consumer, you must tell them how much this is before the transaction is complete.
Security
You must also comply with the Privacy and Data Protection Act 2014. Refer to secure your service - digital guide, and the security framework and standards on the Commissioner for Privacy and Data Protection website for more information.
Branding
Apply Brand Victoria. Refer to brand Victoria - digital guide (specifically written for digital).
Privacy
Comply with the Privacy and Data Protection Act 2014.
You must provide a collection notice on your online financial transaction. Refer to the protect privacy - digital guide for more information.
Accessibility
To comply with the Australian Government's Disability Discrimination Act 1992, your digital presence must comply with the Web Content Accessibility Guidelines Version 2.1 (WCAG) AA standard.
If your audience is primarily people with a disability (for example, National Disability Insurance Scheme clients), your site must comply with the WCAG 2.1 AAA standard.
Refer to the make content accessible - digital guide for more information.
Manage public records
The Public Record Office Victoria (PROV) (under Section 12 of the Public Records Act 1973) sets the standards for managing the public records your department or agency create. Always check with your department or agency’s records or information management specialist to understand the correct approach to compliance.
Refer to the manage online records - digital guide for more information or the PROV website.
Getting it approved
Your Digital Management Committee (DMC) will need to approve any actions relating to online financial transactions. Check your agency or department’s intranet for the relevant contact details, or contact your local IT support or IT manager for guidance.
Best-practice
Financial transactions vary according to their purpose and audience. Core best practice principles for form design should be followed.
Create a logical flow
Considerations include:
- whether the transaction requires multiple steps
- the most logical flow of steps
- how the information should be grouped.
Refer to the design forms - digital guide for recommendations.
Good process design is more important than the interface. Get the basics right then focus on the UX and interface. Understand all the potential exceptions in the transaction process and write practical user help messages, such as:
- how to cancel or back out of a transaction
- when the user should not refresh the browser before a process has completed.
Make systems efficient
Your systems should make transactions as easy as possible for your customers. Only ask for essential information.
Decide what you will need for your checkout and payment confirmation processes. This could include:
- a billing address and/or shipping address
- proof of identity
- an email address for the tax invoice or receipt.
Create helpful systems
Use visual and functional aids to make the process easier to understand. For example:
- enable auto-tabbing functionality for grouped numbers
- grouping the display of phone numbers and card numbers in smaller chunks (e.g. 4 groups of 4 digits for credit cards instead of a single field for 16 digits)
- showing a picture with location highlighted for the CVC (three-digit code on the back of the card).
Help customers to keep records
Consider how you will show payment summaries, both before and after the payment.
Decide how you will generate and display receipts and what print and email functions you will offer.
Decide how you will provide records of previous transactions to allow your customers to retrieve records.
Keep your knowledge up-to-date
Keep up to date with the latest developer and human–computer interaction (HCI) guidelines for the operating systems and browsers you’re building for. How these work with financial transactions often changes without notice.
- The UK government has a well-developed digital program and a central payment capability.This is a good place to start.
- The official guide to the GOV.UK Pay API for developers and service managers - an example of a good approach and comparator for best practice.
- GitHub and the Open Web Application Security Project (OWASP) are two online software communities working (in part) on financial transactions.
- Google Web Payments API
- Other standards: W3C (web accessibility standards) has a web payments page which signposts the Web Payments Interest Group and the Web Payments Community Group.
Device preferences for financial transactions
It’s impossible to predict what device your customers will want to use for a future financial transaction. Start by investigating device use data.
Identify your user’s device preferences
Once you've identified the devices you'll build your online financial transaction for, research your users' needs and preferences. Refer to the research user experience - digital guide for tips on researching user needs and preferences.
Devices include phones, tablets, watches and wearables, desktop and laptop computers, TVs and virtual reality/augmented reality devices.
Consult developer centres
Visit the respective developer centres for each device or operating system. Review their human–computer interface (HCI) guidelines. Check for device compliance, integration, feasibility and experience issues. Some useful developer centres include:
Tailor your content to these devices
Think through the display considerations for the devices and screen sizes you are going to build for.
The Brand Victoria Guidelines include screen sizes and breakpoints and notes for responsive design (a design that adapts to display well on all display sizes).
Material 3 is the latest version of Google's open-source design system.
Payment types
Know your options
You should build an understanding of the current payment types that are available through the Banking and financial services contract and how they work with the services you’re building. Payment types are generally native applications, websites or a combination of both.
You'll need to establish:
- whether you're dealing with one-off payments, instalments or payment plans
- your boundaries for service — where does Victoria hand off to the payment service provider, acquirer or merchant services provider?
Use statistics
You can extract useful statistics from the site or app you’re building the transaction for. This could include:
- the current volume of payments
- the frequency of payments
- preferred payment methods.
Keep in mind that statistics from existing systems have an inbuilt bias towards the payment services that are already offered.
Do user experience research
Find user research on transactions and guidance on how to implement best practice for your type of transaction. Example: 3 common UX mistakes made by financial institutions(opens in a new window).
Also read the research user experience - digital guide (complete with several templates.)
Payment methods
Identify which payment types you need to cater for. Visit the developer centers for information specific to each payment method:
Look into preferred suppliers
Victorian Government departments and many agencies must use the Banking and financial services (state purchasing) contract under the Financial Management Act 1994. If you’re not sure, check the Banking and financial services contract.
You can also contact the Banking Advisory team on banking.advisory@dtf.vic.gov.au.
Have alternatives available
Sometimes your online payment system won’t be appropriate or possible. You should provide options for urgent transactions during outages of your service. How those are communicated must be compliant with the Financial Management Act and Standing Directions.
Security and privacy
You need to implement rigorous security and privacy measures for online financial transactions to protect yourself and your users – and to help users feel secure. Consider the level of security and authentication your transactions need.
You need to decide how you will manage proof of identity in transactions – when and how to ask for identity verification.
Your transaction needs to comply with Victorian State Government regulations for:
- security
- e-payment
- authentication
- managing personal information.
You should be aware of the related government documents that apply to capturing and storing credit card details, collecting personal information, processing transactions, security and authentication.
For a better understanding of security and privacy refer to secure your service - digital guide and protect privacy - digital guide.
Fees
Consider what merchant fees the consumer will pay for a transaction and decide:
- how you will you tell users about merchant fees,if they apply
- how you'll show GST components
- whether GST will apply all or just part of the transaction.
The Australian Competition and Consumer Commission advises that you must say how much credit card or merchant surcharges are beforehand - not during or after the transaction is complete.
Service providers
You should choose a service provider that offers technology that meets the business requirements for the service you’re building.
Skinnable options
Investigate whether the service provider allows you to apply your design features to their part of the transaction to create a visually seamless transaction across websites.
Trustworthy and reliable
To guarantee a reliable service, choose a web or payment service that has guaranteed uptime (e.g. 99.98%) and redundant servers (copies of the data at another physical site) with strong security.
Also consider whether the service provider has embedded logos and branding that are part of the service and whether branding or the type of information requested will impact citizens’ perceptions of trust, privacy and security.
Reporting
Investigate whether the transactions can be tracked or reported on using your web analytics tool or a third-party analytics service. Transactions made via mobile apps may require separate tools or configuration to collect usage data (including information on where people abandon a transaction).
Regulations or standards
Ensure that the transactions offered by the provider are made only using web servers that follow https protocols and have current trusted third-party SSL certificates.
Approved vendors
Ensure that the service providers are approved vendors under the Standing Directions under the Financial Management Act and Banking and financial services (state purchase) contract.
Personalisation features
If you’re using authentication (login), pre-filling information a user provided in previous transactions can make the transaction easier and faster for the user.
In addition to pre-filling personal contact details, depending on your range of transactions, you could preselect the user’s preferred payment type and display their frequently used transactions higher than others.
When is it appropriate to pre-fill details?
Smart defaults and pre-filling information in forms should only be used if they benefit the majority of registered users. Pre-filling financial transaction forms using account details is not always helpful or appropriate. For more detail on form design and pre-filling best practice read the design forms - digital guide.
Delivery and collection
If you offer a physical product you need to consider delivery and collection options provided under the Mail and delivery services contract.
Communicate clearly about:
- typical delivery turnaround times
- who is providing the delivery service.
- the price of postage options, how this impacts the overall price and when it will be displayed.
Tracking
Decide what tracking options you'll offer. Check the following developer centres:
Support your users
You'll need to have systems in place to support users having trouble with financial transactions. Understand when the service provider should respond to urgent support requests. Who will respond to a user’s question and when? What are the service level agreements for support?
Consider how you will find out if your transaction or the checkout process isn’t running properly and how you will respond.
Related digital guides
Secure your service - digital guide
An introduction to the Office of the Victorian Information Commissioner's 5-step action plan and Protective Data Security Framework.
Protect privacy - digital guide
Understand how to protect privacy when designing, building and managing a digital service.
Make content accessible - digital guide
A practical guide to making your digital content accessible.
Manage online records - digital guide
An introduction to online record management for government.
Updated